evilginx2 gsuite.yaml

A working google yaml file!

Jul 21 '21 08:07 ghost

Can you contact me via email [email protected] ? I've tested the PR and have several questions.

Jul 22 '21 08:07 kgretzky

google yaml не работает. Вводит имя нормально, но не открывает страницу для ввода пароля.

Jul 28 '21 13:07 Aleksandr3313

@Aleksandr3313 The correct file name is gsuite.yaml - could you retest in a gsuite account login? it should work.

Aug 01 '21 06:08 ghost

gsuite.yaml файла не нашел в phishlets нашел только google.yaml

Aug 01 '21 07:08 Aleksandr3313

google yaml не работает. Вводит имя нормально, но не открывает страницу для ввода пароля.

Aug 01 '21 07:08 Aleksandr3313

@Aleksandr3313 I was trying to explain that the template I suggested here was only tested against G-Suite, not regular gmail.

Aug 01 '21 14:08 ghost

gsuite.yaml проверил все работает хорошо

Aug 01 '21 15:08 Aleksandr3313

only works til it asks for password :(

Aug 04 '21 13:08 athena2001

@athena2001 I encountered a very similar symptom when I had setup the nameservers wrong, please follow the tutorial here and update when it all works :)

Aug 04 '21 18:08 ghost

Это хорошо но хотелось бы и простую почту gmail открывать через evilginx, а так же vk, yandex, telegram, mail, открывать через evilginx и тд... а phishlets к ним так и нет. А ведь это крупные платформы в интернете

Aug 04 '21 19:08 Aleksandr3313

Это хорошо но хотелось бы и простую почту gmail открывать через evilginx, а так же vk, yandex, telegram, mail, открывать через evilginx и тд... а phishlets к ним так и нет. А ведь это крупные платформы в интернете

This PR is not related to those sites.

@tomelic Thanks for the phishlet and excellent write up. In my testing, the injected JavaScript doesn't do anything. Is there a concrete reason for it or is it copied over from other google templates? I know the signin/v1 login page has similar code, but not sure if it is required for signin/v2. Also, I found that the search field for password may capture a captcha token (in place of the password) if captcha is present.

Aug 06 '21 12:08 ghost

@TomAbel Not a real reason, mostly there for backup since I tested with it - but I believe will work without it as well so you can just remove it before approval. As for the search field, have not encountered in my testing so can't tell!

@kgretzky could you approve pull request?

Aug 08 '21 06:08 ghost

Кто ни будь phishlets, сделал чтоб попробовать gmail, vk, mail, telegram, на evilginx?

Aug 08 '21 15:08 Aleksandr3313

Hey guys, this template seems to work, why isn't it a being approved????? It's insane!!!

Aug 12 '21 11:08 Darkingoat

Doesn't appear to work any longer.

Nov 21 '21 02:11 vysecurity

@vysecurity have you tried against g-suite? (Rather than plain gmail)

Also, did you follow the steps shown here? https://cilynx.com/how-to/evilginx2-vs-2fa-phishing/424/

Nov 21 '21 02:11 ghost

Yep Gsuite, followed all steps. Even only whitelisted my own IP ranges to prevent any bot from reading it.

Maybe you have some new ideas? I wonder what it was detecting previously? It stops after putting in username. That said, I'm using EC2.

Nov 21 '21 02:11 vysecurity

This was used by my team multiple times and captured full username pass & session cookies

Umm Any errors on evilginx load? How did you handle the ns config?

Nov 21 '21 02:11 ghost

Actually, for NS config I used a special technique. I'll try the standard config you're using.

OK It works, but with a few bugs. Either way, it works.

Nov 21 '21 07:11 vysecurity

@kgretzky approve the pull request? :)

Nov 21 '21 10:11 ghost

does this still works? i tried the google.yaml file but it doesnt work for me

Jan 13 '22 14:01 ankushgoel27

does this still works? i tried the google.yaml file but it doesnt work for me

The base phishlet I have 100% works for gsuite accounts. There's a guide on my profile on how to upgrade the base phishlet so it'll work for google accounts as well.

Feb 10 '22 20:02 ghost