search

kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.86k stars 1.95k forks source link

Blacklist.go does not support IPv6 addresses. #949

Open justin-p opened 1 year ago

justin-p commented 1 year ago

Hi,

I ran into some issues with IPv6 source addresses and the blacklisting function.

[09:58:46] [err] failed to blacklist ip address: [2604 - blacklist: invalid ip address: [2604
[09:58:53] [err] failed to blacklist ip address: [2a01 - blacklist: invalid ip address: [2a01
[10:00:48] [err] failed to blacklist ip address: [2a0b - blacklist: invalid ip address: [2a0b

After checking the src of blacklist.go it seems that the current implementation only supports IPv4 addresses. Are there any plans on adding IPv6 support ?

jpatw commented 1 year ago

The "remote ip" field under sessions also fails to show IPv6 addresses correctly. It seems they are cut off after the first colon.

Ethansi2947E commented 7 months ago

how do you check the blacklists?

stackerofwheat commented 2 months ago

the evilginx feed always says it blocks these ipv6 addressses because it only recognizes the first 4 characters before the colon and therefore doesn't recognize it as a valid ip address. but when i check blacklist.txt it never contains them.