kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

BSD 3-Clause "New" or "Revised" License

10.26k stars 1.87k forks source link

Facebook Update #884

Open charlesbel opened 1 year ago

charlesbel commented 1 year ago

Enhanced Javascript :

MutationObserver to wait for form to load
Prevent and disable propagation when clicking on login
Send the password unencoded to Evilginx2 threw a useless web request
Then trigger the normal login flow
Adding also a MutationObserver to check if login fail and handle it

noname1007 commented 1 year ago

Error when catching encrypted password

PWD_BROWSER:5:123456:xxx==

charlesbel commented 1 year ago

Error when catching encrypted password

PWD_BROWSER:5:123456:xxx==

Please give more informations, I can't help you with that