Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.26k
stars
1.87k
forks
source link
Update http_proxy.go to handle multiple sessions from the same ip add… #880
update http_proxy.go to handle multiple sessions from the same ip address
Current Behavior
With the current implementation, if victim B accesses from the same IP address following victim A, Evilginx will not issue a new session properly. This is due to the fact that the implementation unconditionally proxies requests from whitelisted IP addresses in the if statement on line 189.
Expected Behavior:
Although this implementation is necessary to proxy requests issued by browsers without cookies, a new session should be created each time the initial URL of lures is accessed. Especially when dealing with companies that have VPN or zero-trust solutions (e.g. Zscaler, Akamai EAA) in place, the current implementation requires creating lures for as many people as the number of people to be phished.
I would appreciate it if you could adopt a pull request to solve this problem.
sp00nk33d
commented
1 year ago
Summary
update http_proxy.go to handle multiple sessions from the same ip address
Current Behavior
With the current implementation, if victim B accesses from the same IP address following victim A, Evilginx will not issue a new session properly. This is due to the fact that the implementation unconditionally proxies requests from whitelisted IP addresses in the if statement on line 189.
Expected Behavior:
Although this implementation is necessary to proxy requests issued by browsers without cookies, a new session should be created each time the initial URL of lures is accessed. Especially when dealing with companies that have VPN or zero-trust solutions (e.g. Zscaler, Akamai EAA) in place, the current implementation requires creating lures for as many people as the number of people to be phished.
I would appreciate it if you could adopt a pull request to solve this problem.