simplerhacking / Evilginx3-Phishlets

This repository provides penetration testers and red teams with an extensive collection of dynamic phishing templates designed specifically for use with Evilginx3. May be updated periodically.
https://www.simplerhacking.com
389 stars 81 forks

Added 3.0 compatible Instagram phishlet. #15

Open tijme opened 3 months ago

simplerhacking commented 2 months ago

@HackerUniverse Thanks for mentioning this. I haven't had a chance to test it. But the script does look like they asked an AI assistant like Claude 3 to update Charles Bel's old #instagram script from 2.0 to Evilginx 3.0 using a prompt, then pasted it into a pull request. I don't think someone would add that complicated of a js_inject into it unless there was a specific reason to capture or avoid something. I've been working on mine for Instagram and mine looks different, but I could be wrong. Compatible and working are 2 different things ig.

tijme commented 2 months ago

I captured credentials using it a few days ago. However, as it is not working for @HackerUniverse it likely needs more improvement. I'm not sure how to debug these phishlets properly and unfortunately don't have the time for it.

@simplerhacking The script is not AI generated 😅. It is from an older version of Charles Bel's Instagram phishlet where it was still deobfuscated. I needed the deobfuscated variant to do some debugging. Instagram's login flow is weird, because they encode the password using JavaScript before initiating the login HTTP request. This means that Evilginx would not be able to capture the plaintext password without the JS inject. The JS script simply adds the plaintext version to the request as well.

simplerhacking commented 2 months ago

@tijme Understood. I will debug it. Thank you for the time and effort put into your contribution.