kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License

How to exempt redirect_uri in request url from being replaced with phishing domain #990

Open django279 opened 7 months ago

django279 commented 7 months ago

Hi. I am facing the following problem. Evilginx is replacing the redirect_uri value with the phishing domain. Due to that, I get a nice 400 Bad Request back. Tried to solve this with sub_filters to no avail. Target is my Okta dashboard. Can someone please advise how to change this behaviour? Thx and cheers

ligmaSec commented 4 months ago

same problem here