Hey great project.

[ssl-user-en]

Hey this is a great tool. I was wondering if there are any tutorials how your tool will work that would be of great help.

[v-byte-cpu]

Hi @ssl-user-en, thanks! The tool is currently under active development. I started developing it two weeks ago after experiencing the limitations of evilginx2. The main focus is on the following things:

• lightweight, it should be easy to setup without complicated phishlet configs
• speed, it must perform streaming processing of the response body instead of reading the whole response body into process memory (what happens in evilginx)
• flexibility, it should work with almost all sites out of the box with minimal configuration (like just list of session cookie names)

I use the following technical features to achieve this goal:

• only one wildcard tls certificate (no longer need to setup NS records to forward DNS servers to the proxy)
• js fetch/xhr hook (replace all dynamic URLs with the appropriate ones that point to the proxy)
• session handling on the server (authentication with specific lure URLs like in evilginx)
• cookie jar per session to persist all response cookies on the proxy and imitate legitimate browser session (not implemented yet)

I haven't written a tutorial on how to use the tool yet, but I will when I make the first fully working version. I hope to complete it in the next few days. Stay tuned!

[ssl-user-en]

Hey glad to hear that, I'd be happy to contribute in configs for your. Also do check out the tool cipherginx on github. It is doing some interesting things and features you can add in your tool. It injects hosts on the fly in the requests which is really helpful.

[v-byte-cpu]

Awesome! I will examine the source code of the cipherginx. But could you please elaborate on what you mean by injecting hosts on the fly ?

[ssl-user-en]

It uses original Host Header Injection so that the server responds in a correct manner. You can test the tool so that you understand what i am trying to say.

[Jn39]

Hey @ssl-user-en this is a good stuff you got going, and is it ready yet.

[v-byte-cpu]

Hi @Jn39, actually yes, I have already tested my tool on some popular platforms with enabled 2FA and it works fine. I just need to take some time to document the instructions on how to use it.

[Jn39]

Great! can't wait

On Wed, Jun 1, 2022 at 6:27 PM v-byte-cpu @.***> wrote:

Hi @Jn39 https://github.com/Jn39, actually yes, I have already tested my tool on some popular platforms with enabled 2FA and it works fine. I just need to take some time to document the instructions on how to use it.

— Reply to this email directly, view it on GitHub https://github.com/v-byte-cpu/juicyrout/issues/16#issuecomment-1143917919, or unsubscribe https://github.com/notifications/unsubscribe-auth/AQTKZME2IIK7HT5LXHEH3IDVM6MPTANCNFSM5B5PJ6BQ . You are receiving this because you were mentioned.Message ID: @.***>

[Jn39]

Also can u add a telegram web hook on a successful Oauth

[rhks]

hey it's been months. we still waiting and hopeful

[v-byte-cpu]

guys, sorry for the delay, I will try to update the project next weekend

[rhks]

is there a way we could reach u?

[Jn39]

Also can u add a telegram web hook on a successful Oauth

On Wed, Jun 1, 2022 at 11:07 PM Megan Jennie @.***> wrote:

Great! can't wait

On Wed, Jun 1, 2022 at 6:27 PM v-byte-cpu @.***> wrote:

Hi @Jn39 https://github.com/Jn39, actually yes, I have already tested my tool on some popular platforms with enabled 2FA and it works fine. I just need to take some time to document the instructions on how to use it.

— Reply to this email directly, view it on GitHub https://github.com/v-byte-cpu/juicyrout/issues/16#issuecomment-1143917919, or unsubscribe https://github.com/notifications/unsubscribe-auth/AQTKZME2IIK7HT5LXHEH3IDVM6MPTANCNFSM5B5PJ6BQ . You are receiving this because you were mentioned.Message ID: @.***>

[Dazmed707]

Video tutorial ready?