Runion
This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!
Help - Scam Page With Cookie Grabber
- Thread starter nakedpoet
- Start date
a normal php based phishing kit will not be able to steal cookies due to cross-site origin policies. the ONLY way to hijack a user's session cookies is via a reverse proxy which basically logs them into the proxy's session, which is then just captured and reused.
this requires a vps and evilginx2 does it perfectly and free. don't get scammed by someone offering you a phishing kit that also steals cookies because the cookies will be attached to the phishing domain and not the actual website being phished.
I know someone with a BOA page similar to what you’ve described here. It captures cookies and doesn’t redirect like the static scamas. Once credentials have been entered, it logs into the account but instead of showing the actual domain, it displays the phishing link and stays that way, even while logged in and transactions are being made on the account. Been trying to wrap my head around that
In my personal opinion Modlishka is even better as MITM attack using reverse-proxy, take a look:
GitHub - drk1wi/Modlishka: Modlishka. Reverse Proxy.
Modlishka. Reverse Proxy. . Contribute to drk1wi/Modlishka development by creating an account on GitHub.
github.com
GitHub - drk1wi/Modlishka: Modlishka. Reverse Proxy.
Modlishka. Reverse Proxy. . Contribute to drk1wi/Modlishka development by creating an account on GitHub.
github.com
that's a reverse proxy. that's what evilginx2 does. imagine it like they're logging into a computer and when they log in, you run up and steal the computer from in front of them. the website sees the same exact computer and session, so it thinks you're the same exact person. the difference is that when they log in, the session is transferred to you and they're left with a new session so that they don't ruin the session that was transferred to you.
this cannot be done on an all-PHP phishing kit due to the cross-site origin policies. otherwise, you would just need to iframe the entire site and let them use the iframe and collect the cookies and log all keystroke events using javascript to capture credentials. there's a reason if you try to iframe other websites, a lot won't load and if they do, you cannot collect any data without them sharing it voluntarily.
this is why the all-PHP phishers are good for attempting to steal recovery credentials like photo ID, mmn, pin numbers, recovery question answers, etc. you'd need to sign in as the logs come in and redirect them immediately to the 2fa phisher or whatever is necessary to get into the account if more than user
ass is needed. with the reverse proxy, they enter the 2fa into the actual site, just proxied through your VPS and as soon as the session is created that gives full access to the account, it's transferred to you.Последнее редактирование: 05.03.2023
vei сказал(а):
that's a reverse proxy. that's what evilginx2 does. imagine it like they're logging into a computer and when they log in, you run up and steal the computer from in front of them. the website sees the same exact computer and session, so it thinks you're the same exact person. the difference is that when they log in, the session is transferred to you and they're left with a new session so that they don't ruin the session that was transferred to you.
this cannot be done on an all-PHP phishing kit due to the cross-site origin policies. otherwise, you would just need to iframe the entire site and let them use the iframe and collect the cookies and log all keystroke events using javascript to capture credentials. there's a reason if you try to iframe other websites, a lot won't load and if they do, you cannot collect any data without them sharing it voluntarily.
this is why the all-PHP phishers are good for attempting to steal recovery credentials like photo ID, mmn, pin numbers, recovery question answers, etc. you'd need to sign in as the logs come in and redirect them immediately to the 2fa phisher or whatever is necessary to get into the account if more than user
This has helped clear things up. Thanks
expert_kalash
Midle Weight
- Депозит
- $0
Live panel + cookie saver plagin is ok
you won't find 365 proxy reverse
you won't find 365 proxy reverse
a live panel would only be useful in a reverse proxy if you wanted to force the visitor into adding extra info like upload documents that it is them logging in. otherwise, a reverse proxy would already capture that the login credentials. from there, you would also have to craft your own POST to the actually log the visitor in into website to create the session incase it displays any 2fa/mfa.
also, a reverse proxy is a reverse proxy. as long as the reverse proxy logs proxied get/post/header data, he doesn't need to find one specific to 365 because it will simply reverse proxy the 365 site and mirror it to the victim. the only way a live panel could push cookie saving is to ask the user to install a browser extension to communicate with cross origin website data.
just my 2 cents.