kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.23k stars 1.87k forks

Using several phishing domains? #986

Open qgrosperrin opened 7 months ago

qgrosperrin commented 7 months ago

I'm trying to use several phishing domains for a single use case. What's the proper way to configure Evilginx in cases where the normal user flow is similar to the one below?

Step 1. The legit landing page is on domainA.com. My login parameter in the phishlet is configured to point to that. This page includes SAML that affects the redirect in step two. App-specific domain, where the authenticated page is behind SSO authentication.

Step 2. Redirect to domainB.com, where the user is presented with the login screen and can submit creds, which are captured by Evilginx. That's the main SSO domain here.

Step 3. The MFA prompt is presented from a third domain, domainC.com (push notification only). Once validated, the user is redirected back to domainB.com, then to the domainA authenticated page. Dedicated site for MFA approvals.

In my config, I'm using different subdomains for each step in my phishlet, but this means that for the end users all they see are requests going to step1.myphishingdomain.com, then step2.myphishingdomain.com, then step3.myphishingdomain.com. I would rather have the users visit 3 different domains (all pointing back to my Evilginx IP) which are best suited for each step (i.e., sub.myphishingdomain1.com, sub.myphishingdomain2.com, and sub.myphishingdomain3.com).

Hope that makes sense. Overall it works like this, but I just wanted to make it more authentic compared to the expected login flow.

qgrosperrin commented 7 months ago

This is more or less a feature request, as I feel this capability doesn't exist currently.