Instagram phishlet fails to load images

[LarmonH]

I can successfully capture session cookies and import them from the attacker machine to "hijack" a session, but on the victim side, they see this: I would like to add that I've set up A records in accordance with the results of "phishlets get-hosts Instagram" which includes things like img.instagram.myDomain.com, i.instagram.myDomain.com, etc. where "myDomain" is the domain I've set up and connected to DigitalOcean.

[wirespecter]

I have the same problem, @kgretzky any update on this? I have also used the latest patch from @charlesbel PR (https://github.com/kgretzky/evilginx2/pull/611) but the problem was still not fixed. I have also tried to fix the phishlet but with no satisfactory results so far.

[LarmonH]

I have the same problem, @kgretzky any update on this? I have also used the latest patch from @charlesbel PR (#611) but the problem was still not fixed. I have also tried to fix the phishlet but with no satisfactory results so far.

Have you had any luck so far? My guess is the phishlet is missing one of the domains that Instagram pulls images from but I've had no luck trying to fix it.

[wirespecter]

@LarmonH I managed to do it, now it loads all the images correctly except for the ones that are round shaped right under the search bar. (But I will make them load as well soonish, I'm getting there).

You are correct about your above guess. It doesn't pull the images from the correct domain. By the way, I have one more problem, when I enter the credentials another tab opens where I am logged in and the previous one loads continuously (like it is trying to log in), have you managed to fix this one?

[LarmonH]

@wirespecter I also noticed that. Something must be causing a new tab to be opened upon the user inputting credentials rather than just logging in on the original tab. I haven't had any luck trying to fix it as I've been focussed on the images problem. I would like to take a look at your solution to that by the way whenever's convenient for you.

[wirespecter]

I will gladly show you the solution for the images if you could help me please with the tab opening bug, I have already spent so much time on this. It seems to happen when a post request is sent to /accounts/login/ajax (maybe we need to catch this by using js inject and do something else with it, that's my guess)

[wirespecter]

I found some more info about this, it seems that instagram's "link shim" is responsible for the new tab. A script takes the new link and translates it to: "l.instagram.com/URL" where the redirection happens.

[wirespecter]

Update: I found a solution for the tab opening as well! It took me only 7 days :( It gets easy when you start to debug the javascript, thanks everybody for not helping at all! Cheers!! Later world!!

[LarmonH]

@wirespecter Apologies for not finding the fix before you, I've been very busy with school. I'm sure the developers would appreciate you sharing how you fixed the phishlet (more specifically @charlesbel on his updated phishlets page: https://github.com/charlesbel/Evilginx2-Phishlets). Give it some consideration.

[roux3]

Hello dear @wirespecter , could you help me I'm having the same problems opening a new tab and problems loading the images.