Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Let's assume Evilginx2 is using Nginx as a reverse proxy. In such a scenario, Evilginx2 logs the IP of Nginx in 'sessions' instead of the actual public IP from the visitor. Nginx sets the visitor's public IP in the X-Real-IP header. Is there a way Evilginx2 can utilize the value of X-Real-IP to log the sessions?
thirdbyte
commented
2 years ago
Problem Statement:
Let's assume Evilginx2 is using Nginx as a reverse proxy. In such a scenario, Evilginx2 logs the IP of Nginx in 'sessions' instead of the actual public IP from the visitor. Nginx sets the visitor's public IP in the X-Real-IP header. Is there a way Evilginx2 can utilize the value of X-Real-IP to log the sessions?