kgretzky
commented
5 years ago Hello.
Can you post some examples? Not sure I understand fully.
Closed techinnov-974 closed 5 years ago
kgretzky
commented
5 years ago Hello.
Can you post some examples? Not sure I understand fully.
techinnov-974
commented
5 years ago Hello
What I mean is for example in the case of facebook, we use our ndd xzy.com for the test we create a target url redirection once connect
$ phishlets get-url facebook https://www.google.com in output we have xzy.com/login.php?lmp=frrfxxxxxxx
$ phishlets unhide facebook
when we visit the url in output, it drops a cookie and when we visit the root of the domain "xzy.com/" it leads us to the facebook page home when we visit root of the domain "xzy.com/" without the cookie we are redirected to https://www.youtube.com/watch?v=dQw4w9WgXcQ
I want when we visit "xzy.com/" we arrive on the phishing facebook page
kgretzky
commented
5 years ago It won't happen unfortunately as the implementation of security token in URLs was implemented, so that domains do not get banned after 5 minutes of setting them up.
With the approach you want, you wouldn't be even able to use Evilginx at all.
Hello, would it be possible to access the domain without going through the token page?
I explain to have access to exx.com you have to access exx.com/login.php?/blabla for a cookie is deposited and when we put the url exx.com we arrived well on the page of facebook, or currently this is not the case without the cookie the page of redirection this puts in place.
Is it possible to post the facebook.com direct page via exx.com to the external person?
thank you