kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License

502 Gateway Error #751

Closed UndergroundLabs closed 1 year ago

UndergroundLabs commented 2 years ago

I'm writing a phishlet, and everything is working fine. By that I mean all the subdomains are working correctly, and my sub filters are working correctly.

But, when I make the request to login, the server I'm proxying to returns a 502 Gateway Error.

Which is odd because when I copy the cURL request from developer tools, the request to the site I'm proxying to works fine. But when I change the URL to that of my domain (the one hosting evilginx), I get a 502 Error. All the same headers and post data are being passed.

This leaves me thinking that evilginx is sending some data incorrectly. I've tried to enable logging but it doesn't give me any info on the POST route for logging in.

Has anybody had this issue before? Does evilginx log to a file? Maybe the debug output is there?

Thanks for any help folks. I can't state the domain I'm proxying to, I'm afraid, but I am 99% certain this may be an issue with evilginx.

Any advice on debugging this would be welcomed.

Evilginx2User commented 2 years ago

Check the IP address of the Request URL in the console and the x-origin-host. Ping both addresses to get the IP address of each, then do an nslookup; you'll notice the request domain is hosted differently from the original host... different IPs. It's mostly Cloudflare-protected sites that have this issue.

So you'll see the request domain is blocking some information being sent to the original domain because you're using a reverse proxy, and it happens mostly when the site sends authorizations to email for approval. It's only Cloudflare I've seen that does this. So you'll use Cf-Connecting-ip in the request header of the phishlet to reveal the real IP address of the victim being sent to Cloudflare, or whichever type of proxy is being used on the site. Once that has been implemented, I'm not sure you'll be having that issue again. You're getting the error because the proxy in the site, either Cloudflare or another, is detecting the IP address of your reverse proxy, so it's refusing to send the real IP because there's no Cf-Connecting-ip in the header request you're sending...

@Lawson2_a1 that's my Telegram in case there are more questions...

Support-1535 commented 1 year ago

Hello! If you were already able to resolve your doubts and achieve your goals, close the issue so that we know which ones are pending.

Thank you!

If you want expedited help and the assistance of many professional people, join our private group. Contact us at support@evilginx2.com so we can give you access to the group.