ohpe
commented
5 years ago Aye, sounds a good idea but a bit tricky to handle multiple scenarios .. let me think about it. Maybe you can send a PR 😛
Closed snooze6 closed 4 years ago
ohpe
commented
5 years ago Aye, sounds a good idea but a bit tricky to handle multiple scenarios .. let me think about it. Maybe you can send a PR 😛
ohpe
commented
4 years ago Fixed in #29
A realistic use case might be to use muraena on a VPS administrating the domain through cloudflare or another proxy yet it seems impossible to do it at the moment (or perhaps I could have missed it in the documentation).
As cloudflare can manage the HTTPs certificate for us we could just serve the phishing website using http while of course the phishing server need to be connected to the real site through https.
If I disable tls support then all the traffic is established using http which is not helpful. For instance:
This attempt results in the victim being redirected to https://redacted_ip due to the redirect that the original page does.
Long story short: I believe that it is a good improvement to have the ability to choose wether the server connects to the victim website using https or http regardless of the protocol that the phishing server is using.