issues
search
kgretzky
/
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.26k
stars
1.87k
forks
source link
Instagram Update
#885
Open
charlesbel
opened
1 year ago
charlesbel
commented
1 year ago
(Basically the same fix as Facebook) Enhanced Javascript :
MutationObserver to wait for form to load
Prevent and disable propagation when clicking on login
Send the password unencoded to Evilginx2 threw a useless web request
Then trigger the normal login flow
Adding also a MutationObserver to check if login fail and handle it
(Basically the same fix as Facebook) Enhanced Javascript :