Infinite loading when entering Google Account name and pressing next

Open EvilAdcid opened this issue 5 years ago • 9 comments

When I enter an account name and click "next" it will infinitely load with the blue bar at the top of the Google login box. There is no debug information besides this:

2019/10/12 13:46:33 [008] WARN: Cannot handshake client ssl.gstatic.com remote error: tls: unknown certificate
2019/10/12 13:46:34 [009] WARN: Cannot handshake client play.google.com remote error: tls: unknown certificate
2019/10/12 13:46:34 [010] WARN: Cannot handshake client accounts.google.com remote error: tls: unknown certificate
2019/10/12 13:46:34 [011] WARN: Cannot handshake client play.google.com remote error: tls: unknown certificate
2019/10/12 13:46:38 [012] WARN: Cannot handshake client accounts.google.com remote error: tls: unknown certificate
2019/10/12 13:46:47 [013] WARN: Cannot handshake client accounts.google.com remote error: tls: unknown certificate

But I do not think that is relevant to the problem.

Does this happen to anyone else? The username is also not logged but a session in EvilGinx is made with just the IP address.

EvilAdcid avatar Oct 12 '19 18:10 EvilAdcid

Same error, server is in fr, don't know if that's an issue

StratoMusic avatar Oct 22 '19 06:10 StratoMusic

When testing with master branch of evilginx2 and google.yaml by @ewhit I am able to get as far as username and password, however Google returns an error, "You are trying to sign in from a browser or app that doesn't allow us to keep your account secure."

I tried this branch and phishlet out in hopes that the features would mitigate this issue. However I observed something similar to others in this post. The browser became 'stuck' and

POST /jserror HTTP/1.1
Host: accounts-google.com.

If anyone is interested to compare notes, you can drop me a line at [email protected]

JSheadache avatar Nov 20 '19 19:11 JSheadache

I believe that you only get this error when using Google Chrome. From my testing, I can enter information on another browser such as Edge without it detecting anything unusual.

Fummowo avatar Mar 20 '20 03:03 Fummowo

Never mind, I've just tried out @ewhit's version and although it grabs the username and password, whatever browser you are on, Google manages to detect it and will not sign you in, meaning you don't receive a cookie.

Fummowo avatar Mar 20 '20 03:03 Fummowo

That’s normal, study js bypass and you should be able to get past it

horllste avatar Mar 20 '20 08:03 horllste

I have the same issue, and I was tinkering around and found out that the problem is here: replace: 'accounts-google.com.{domain}',

I tried to change the accounts-google.com to many different strings and then it would go to the next page saying sorry your browser is not secure.

petr209 avatar Apr 12 '20 04:04 petr209

You have to bypass js, read the other related issues

horllste avatar Apr 12 '20 05:04 horllste