Open fsacer opened 11 months ago
Having the same issue! Have you been able to resolve it?
The solution that currently works for me is using the developer mode and then proxying to the evilginx via frontend proxy.
Second wanting this functionality back. Unsure why on earth it was removed
@fsacer
The solution that currently works for me is using the developer mode and then proxying to the evilginx via frontend proxy.
Hi, do you mind going into a bit more details with the frontend proxy. I've been unable to get my proxy setups with the self signed certificates working (developer mode).
@vc1cv1 Sorry for the late reply, but this case was a bit more complex since I had a setup like nginx->apache->evilginx. The nginx in front was a redirector to the actual server hosting the evilginx via proxy_pass (set Header for Host, X-Forwarded-Proto and X-RealIP), The apache was then configured with more vars which turned SSL verifications off (SSLProxyVerify none, SSLProxyVerify none, SSLProxyVerify none, SSLProxyCheckPeerName off, SSLProxyCheckPeerExpire off) and then passing it of to local evilginx instance. Hope this helps.
The kind of essential function for an operation that would load certificates from disk is omitted in the 3.X branch.
In version 2.4:
https://github.com/kgretzky/evilginx2/blob/e507ce1590b86c1a88afe9046e502f6d03c20fa6/core/certdb.go#L280
In version 3.1:
https://github.com/kgretzky/evilginx2/blob/a49523a9c41ac95a34b4b07c1d856e200f25ebca/core/certdb.go#L170