**ERR_TOO_MANY_REDIRECTS.**

Open Gta0147 opened this issue 2 years ago • 1 comments

ERR_TOO_MANY_REDIRECTS. Everything has worked except that the landing page is not opening.

Gta0147, Oct 08 '22 13:10

I have the same problem... Have you found a solution?

arnaudderison, Oct 24 '22 20:10

I had to patch the code to solve this. It appears to be a bug, though I am not 100% certain why. My code is hacky af, otherwise I would do a PR.

Here is what I did though.

First I added a new variable called `NumRedirects` to the Session object in session.go:

In the Session struct on line 7 I added a new variable: `NumRedirects int`

Note: There is already a `RedirectCount` variable, but this is used elsewhere in the code and was not working for me, so I added a new variable so as to not mess with that one.

Then, when the Session is initialized on line 25, initialize the `NumRedirects` variable: `NumRedirects: 0,`

Then on line 385 of http_proxy.go:

e_host := req.Host
if r_host, ok := p.replaceHostWithOriginal(req.Host); ok {
	if ps.SessionId != "" {
		if s, ok := p.sessions[ps.SessionId]; ok {
			if strings.Contains(req.RequestURI, "/login/login.htm") {
				s.NumRedirects += 1
			}
		}
	}
	req.Host = r_host
}

Replace "/login/login.htm" with the URL that you are receiving too many redirects on. I used Burp to determine the problematic URL. This URL is related to the Okta phishlet. I am working on a way to provide this in the lure but for now I am hard coding it.

Finally, I added some code to the if statement which starts on line 864 (`return resp` is around line 888). In the OnResponse function for the proxy, add the following (my additions are surrounded by **):

			if pl != nil && ps.SessionId != "" {
				s, ok := p.sessions[ps.SessionId]
				if ok && s.IsDone {
					log.Debug("Redirect Count is %d", s.RedirectCount)
					if s.RedirectURL != "" && s.RedirectCount == 0 {
						if stringExists(mime, []string{"text/html"}) {
							// redirect only if received response content is of `text/html` content type
							s.RedirectCount += 1
							log.Important("[%d] redirecting to URL: %s (%d)", ps.Index, s.RedirectURL, s.RedirectCount)
							resp := goproxy.NewResponse(resp.Request, "text/html", http.StatusFound, "")
							if resp != nil {
								r_url, err := url.Parse(s.RedirectURL)
								if err == nil {
									if r_host, ok := p.replaceHostWithPhished(r_url.Host); ok {
										r_url.Host = r_host
									}
									resp.Header.Set("Location", r_url.String())
								} else {
									resp.Header.Set("Location", s.RedirectURL)
								}
								return resp
							}
						}
					}
					**if s.NumRedirects > 4 {
						resp.Header.Set("Location", s.PhishLure.RedirectUrl)
						s.NumRedirects = 0

					}**
				}
			}

Then build that sucker. This code is a little hacky so use with caution.

Andross, Oct 25 '22 14:10

Hello! If you were already able to resolve your doubts and achieve your goals, close the issue so that we know which ones are pending.

Thank you!

Support-1535, Oct 26 '22 22:10