kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.26k stars 1.87k forks

CORS issue with origin #911

Open nixpal opened 1 year ago

nixpal commented 1 year ago

I'm trying to create a simple phishlet for OKTA, but I noticed that the origin hostname in the request header is still showing the phishing domain, not the original domain. After some troubleshooting with the source code, I found that it is actually replaced correctly, but I don't know why the POST request is still being sent with "ORIGIN" as the phishing domain, not the original one.
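Seen from the defending service, the `Origin` value described in the post above is something a login endpoint can check. The following is an added example, not part of this thread or of the evilginx2 code base: Go middleware that rejects POST requests whose `Origin` is not on an allow-list. The host names `login.example.com` and `login.lookalike.test` and all function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// allowedOrigins is a constructed allow-list; login.example.com is a placeholder.
var allowedOrigins = map[string]bool{"https://login.example.com": true}

// originAllowed reports whether a POST carries an Origin on the allow-list.
func originAllowed(r *http.Request) bool {
	if r.Method != http.MethodPost {
		return true // this example only checks POST
	}
	u, err := url.Parse(r.Header.Get("Origin"))
	if err != nil || u.Scheme == "" || u.Host == "" {
		return false // missing, "null" or unparsable Origin: fail closed
	}
	return allowedOrigins[u.Scheme+"://"+u.Host] // exact scheme and host match
}

// requireOrigin wraps a handler and answers 403 when the check fails.
func requireOrigin(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !originAllowed(r) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request to /login through the middleware
// and returns the HTTP status the client would see.
func statusFor(method, origin string) int {
	req := httptest.NewRequest(method, "/login", nil)
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
	requireOrigin(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor("POST", "https://login.example.com"))    // allowed origin
	fmt.Println(statusFor("POST", "https://login.lookalike.test")) // unlisted origin
}
```

A rejected request is also worth logging with its `Origin` value, since an unlisted host on a login POST is a useful signal for detection.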

Veduanon commented 11 months ago

Declare it in a custom request header.

    httpReq.setRequestHeader('Access-Control-Allow-Headers', '*');
    httpReq.setRequestHeader('Access-Control-Allow-Origin', '*');

How can I create those in YAML?