kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.64k stars 1.93k forks

Google phishlet #657

ghost closed 3 years ago

ghost commented 3 years ago

Editing the token enables the password form, which none of the phishlets currently achieve. Replacing it with an error is great because it doesn't require getting a valid token.

There are still some extra checks implemented when you attempt to log in from a new location. The phishlet won't bypass those checks, but it works on my machine.

¯_(ツ)_/¯

athena2001 commented 3 years ago

before trying can you type in pw?

athena2001 commented 3 years ago

It will work if you're using it on your own account or an account which has logged in with the same IP as evilginx2 in the last 24hrs

check ur email please lol

Anonymoushawk commented 3 years ago

Hi @TomAbel, great work. But still, it is workable only with an account which has logged in with the same IP?

ghost commented 3 years ago

I don't know, people are saying it's not working at all. I bought some prepaid SIM cards for the purpose of testing it with freshly created accounts, but I don't know when I'll have time for it. You can use my fork in the meantime.