Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hey great project. #16

Open
ssl-user-en opened this issue Aug 11, 2021 · 13 comments
Open

Hey great project. #16

ssl-user-en opened this issue Aug 11, 2021 · 13 comments

Comments

@ssl-user-en
Copy link

Hey this is a great tool. I was wondering if there are any tutorials how your tool will work that would be of great help.
@v-byte-cpu
Copy link
Owner

v-byte-cpu commented Aug 11, 2021
edited
Loading

Hi @ssl-user-en, thanks! The tool is currently under active development. I started developing it two weeks ago after experiencing the limitations of evilginx2. The main focus is on the following things:

  • lightweight, it should be easy to setup without complicated phishlet configs
  • speed, it must perform streaming processing of the response body instead of reading the whole response body into process memory (what happens in evilginx)
  • flexibility, it should work with almost all sites out of the box with minimal configuration (like just list of session cookie names)

I use the following technical features to achieve this goal:

  • only one wildcard tls certificate (no longer need to setup NS records to forward DNS servers to the proxy)
  • js fetch/xhr hook (replace all dynamic URLs with the appropriate ones that point to the proxy)
  • session handling on the server (authentication with specific lure URLs like in evilginx)
  • cookie jar per session to persist all response cookies on the proxy and imitate legitimate browser session (not implemented yet)

I haven't written a tutorial on how to use the tool yet, but I will when I make the first fully working version. I hope to complete it in the next few days. Stay tuned!

@ssl-user-en
Copy link
Author

Hey glad to hear that, I'd be happy to contribute in configs for your. Also do check out the tool cipherginx on github. It is doing some interesting things and features you can add in your tool. It injects hosts on the fly in the requests which is really helpful.

@v-byte-cpu
Copy link
Owner

Awesome! I will examine the source code of the cipherginx. But could you please elaborate on what you mean by injecting hosts on the fly ?

@ssl-user-en
Copy link
Author

It uses original Host Header Injection so that the server responds in a correct manner. You can test the tool so that you understand what i am trying to say.

@Jn39
Copy link

Jn39 commented Jun 1, 2022

Hey @ssl-user-en this is a good stuff you got going, and is it ready yet.

@v-byte-cpu
Copy link
Owner

Hi @Jn39, actually yes, I have already tested my tool on some popular platforms with enabled 2FA and it works fine. I just need to take some time to document the instructions on how to use it.

@Jn39
Copy link

Jn39 commented Jun 1, 2022 via email

@Jn39
Copy link

Jn39 commented Jun 2, 2022

Also can u add a telegram web hook on a successful Oauth

@rhks
Copy link

rhks commented Sep 20, 2022

hey it's been months. we still waiting and hopeful

@v-byte-cpu
Copy link
Owner

guys, sorry for the delay, I will try to update the project next weekend

@rhks
Copy link

rhks commented Sep 21, 2022

is there a way we could reach u?

@Jn39
Copy link

Jn39 commented Oct 11, 2022 via email

@Dazmed707
Copy link

Video tutorial ready?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Dazmed707 @v-byte-cpu @Jn39 @ssl-user-en @rhks