
Instagram phishlet fails to load images

Open • LarmonH opened this issue 3 years ago • 8 comments

I can successfully capture session cookies and import them from the attacker machine to "hijack" a session, but on the victim side, they see this: [image]

I would like to add that I've set up A records in accordance with the results of "phishlets get-hosts Instagram" which includes things like img.instagram.myDomain.com, i.instagram.myDomain.com, etc. where "myDomain" is the domain I've set up and connected to DigitalOcean.

LarmonH • Feb 17 '22 01:02

I have the same problem, @kgretzky any update on this? I have also used the latest patch from @charlesbel PR (https://github.com/kgretzky/evilginx2/pull/611) but the problem was still not fixed. I have also tried to fix the phishlet but with no satisfactory results so far.

wirespecter • Mar 09 '22 14:03

> I have the same problem, @kgretzky any update on this? I have also used the latest patch from @charlesbel PR (#611) but the problem was still not fixed. I have also tried to fix the phishlet but with no satisfactory results so far.

Have you had any luck so far? My guess is the phishlet is missing one of the domains that Instagram pulls images from but I've had no luck trying to fix it.

LarmonH • Mar 18 '22 16:03

@LarmonH I managed to do it, now it loads all the images correctly except for the ones that are round shaped right under the search bar. (But I will make them load as well soonish, I'm getting there).

You are correct about your above guess. It doesn't pull the images from the correct domain. By the way, I have one more problem, when I enter the credentials another tab opens where I am logged in and the previous one loads continuously (like it is trying to log in), have you managed to fix this one?

wirespecter • Mar 22 '22 21:03

@wirespecter I also noticed that. Something must be causing a new tab to be opened upon the user inputting credentials rather than just logging in on the original tab. I haven't had any luck trying to fix it as I've been focussed on the images problem. I would like to take a look at your solution to that by the way whenever's convenient for you.

LarmonH • Mar 23 '22 02:03

I will gladly show you the solution for the images if you could help me please with the tab opening bug, I have already spent so much time on this. It seems to happen when a POST request is sent to /accounts/login/ajax (maybe we need to catch this by using js inject and do something else with it, that's my guess).

wirespecter • Mar 23 '22 20:03

I found some more info about this, it seems that Instagram's "link shim" is responsible for the new tab. A script takes the new link and translates it to: "l.instagram.com/URL" where the redirection happens.

wirespecter • Mar 26 '22 17:03

Update: I found a solution for the tab opening as well! It took me only 7 days :( It gets easy when you start to debug the javascript, thanks everybody for not helping at all! Cheers!! Later world!!

wirespecter • Mar 26 '22 19:03

@wirespecter Apologies for not finding the fix before you, I've been very busy with school. I'm sure the developers would appreciate you sharing how you fixed the phishlet (more specifically @charlesbel on his updated phishlets page: https://github.com/charlesbel/Evilginx2-Phishlets). Give it some consideration.

LarmonH • Mar 26 '22 19:03

Hello dear @wirespecter, could you help me? I'm having the same problems opening a new tab and problems loading the images.

roux3 • Nov 09 '22 21:11