search

kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.33k stars 1.88k forks source link

Question about authentification URL #819

Closed Arasteus closed 1 year ago

Arasteus commented 1 year ago

DO NOT ASK FOR PHISHLETS.

DO NOT ASK FOR HELP CREATING PHISHLETS.

DO NOT ASK TO FIX PHISHLETS.

DO NOT ADVERTISE OR TRY TO SELL PHISHLETS.

EXPECT A BAN OTHERWISE. THANK YOU!

REPORT ONLY BUGS OR FEATURE SUGGESTIONS.

Hello guys,

I'm creating some phishlets and it's working fine except one where: 1) Cookies are dynamicly generated so I used authentification URL

However, if my authentification URL is semi randomly generated such as :
successlogin.do?nonce={random} I tried to do like auth_url = '/successlogin.do*' However the session capture does not work, the log says "One authentification token captured" and then nothing else. Has someone made it work auth_url with regexp ?

Thank you

Arasteus commented 1 year ago

But then it will end the session capture even if the guy has not put his credentials

Support-1535 commented 1 year ago

Hello! If you were already able to resolve your doubts and achieve your goals, close the issue so that we know which ones are pending.

Thank you!

If you want expedited help and have the assistance of many professional people, join our private group. Contact us support@evilginx2.com to give you access to the group.