Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
Feature Request - Wildcard DNS or Subfilter on Location Header #937
This is my first request of this kind, let me know if there is anything else needed.
I ran into a use case recently while writing a phishlet where there was a 302 redirect in the response of a login flow that sent the user to a randomly generated subdomain like this:
Location: https://{4 random letters}.sub2.sub.target.tld/?nonce=<DATA>&redirect_uri=https%3A%2F%2Fsub.sub.target.tld
The random subdomain has a wildcard DNS response that always resolves to the same DNS name. I saw three methods for catching this type of response (in order of sanity), none of which appear to be possible in the current version of evilginx.
1. Wildcard DNS for *.sub2.sub.target.tld in proxy_hosts
2. Rewriting the location header via sub_filters to match on a regular expression and redirect to a static subdomain like aaa.sub2.sub.phish.tld which we could catch with a corresponding entry in proxy_hosts. I believe that the target application does not care about what the actual four characters are.
3. Writing 1.6 million lines into proxy_hosts to catch all variations of 4 characters. (this might work but seems REAL dumb)
Please let me know if you have any questions.