Outlook phishlet missing correct domain? (goproxy related "Cannot write TLS response body from mitm'd client") #248
Comments
Please try to use the latest 2.3.1 version from |
Thanks Kuba. Will do so later today! |
PS: Maybe something to add. I am working on a Docker environment for training of some NGOs and journalists, combining Evilginx with GoPhish etc. Can this problem be somewhat related to a Dockerized environment? |
I got the latest version 2.3.1. The config is the following for O365 (TLS handshake errors still appear)
I receive the following error by MS (this also happens when I change the redirect_url to www.office365.com) |
I set up the outlook Phishlet with similar problems:
What I just noticed, by using different accounts, entering username and password works (even getting logged by Evilginx2). However, after clicking on submit for the password, the error appears right away and I don't see the screen for the second factor OTP. Is it possible that this is related to docker? However, I explicitly expose the ports to my public IP. The config is:
|
Hi Kuba, I just tried it on a local Kali box and there it works.
However I don't see the Could it be that the alpine docker image is causing that problem? EDIT:
It displays the username and password screen but breaks on the OTP one EDIT2:
EDIT3: A test from inside the container via curl seems to work:
Best |
Wow. Thanks for all this information. I will try to look into it as it is indeed strange. |
Sure, I try to learn something from this and make it, hopefully, a bit easier for you ;) I also attach my modified Dockerfile FYI
|
I noticed this line:
Are you running Evilginx with developer flag? This will only use self-signed certificates which will result in TLS errors. |
Actually both. I tried it with developer and with the LetsEncrypt certs. What I noticed is the difference in the missing line: I assume the TLS errors originate exactly because of what you mentioned, the self-signed certs. To verify this I will run it with LetsEncrypt again. Any idea why there is the handshake error with unknown tls certificate? |
Hey @kgretzky However the redirect error still exists. Interestingly enough, the login page for the username and the second page for the password work. Username and password are captured too. The third page is then broken. I tried it with two different users, one with OTP enabled and one without. |
Hi @kgretzky Something I noticed during testing, and maybe that's helpful.
|
I haven't updated the outlook phishlet for several months now and it is very possible that they did some additional security checks. You'd need to reverse engineer the javascript they use and replace the security checks with If you see the error message printed from the web server, it means the certificate works. |
I just checked it on my local Kali Linux box. It totally works fine there. Local evilginx2 (2.3.1) - works This is super strange. What would make evilginx break running inside a container? |
@kgretzky I think I found the problem (even though I am not able to explain it). I used a DigitalOcean droplet for my tests. To analyse further, I installed evilginx 2.3.1 directly onto the droplet (no docker). |
So were you able to fix this and how? I have only tested with setup in server from onecloud, experiencing the same issue... |
@HachimanSec any help with this, man? I am still facing this issue, in my local kali and hosting in one cloud. Please let me know how you fixed it |
Hi @HachimanSec, Can you please share your email address? Badly need a little help with outlook yaml. Thanks |
Hello, Any update on this outlook issue? Thanks |
anybody made headway on this? |
@kgretzky has the issue been resolved? I am still facing this error in my tests when installing evilginx 2.4.2 directly onto a DigitalOcean droplet without docker. |
Hi,
I just tried out the latest version (2.3.0) of evilginx2 and played with outlook and o365 phishlets.
Strangely both fail, I assume because a domain is missing in the yaml (I am not really sure about this yet, as I just have to work my head around the config files).
When I open a browser, I see the login and password screens just as expected. However when I click on the submit of the password, I receive an error from Microsoft:
Any ideas if the yaml needs to be adjusted?
At the same time the console gives continuous TLS errors
2019/03/20 21:39:55 [121] WARN: Cannot handshake client outlook.live.com remote error: tls: unknown certificate
2019/03/20 21:39:55 [124] WARN: Cannot handshake client login.live.com remote error: tls: unknown certificate