search

kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.72k stars 1.94k forks source link

blacklisted ip address: 127.0.0.1 #948

Closed RogueThread closed 1 year ago

RogueThread commented 1 year ago

Hi,

With blacklist unauth setting: I get a visit from external attacker then 127.0.0.1 gets added to blacklist and then phishing page no longer works and every IP is "unauthorized", external visits are considered as "127.0.0.1"

See screenshot: image

Jill60 commented 1 year ago

Either you use blacklist off which means bots also will crawl your link or you go and remove 127.0.0.1(localhost) from blacklist list.

RogueThread commented 1 year ago

Of course i’d prefer to use the blacklist to prevent bots crawling but the issue is still that 127.0.0.1 gets added to Blacklist after visits from external IPs (see timestamps in screenshot)

Jill60 commented 1 year ago

Of course i’d prefer to use the blacklist to prevent bots crawling but the issue is still that 127.0.0.1 gets added to Blacklist after visits from external IPs (see timestamps in screenshot)

https://t.me/Dlenny100 pm

fsacer commented 1 year ago

This is still an issue afaik, shouldn't the blacklist use the last set X-Forwared-For IP? at least that would make sense in my case, would be nice to have an option to use that