If the response from a website returns a CSP policy, then I think it's great to return the wildcard in the Access-Control header. However, you can change this behaviour by editing one or more lines in the http_proxy.go file. Here's the thread:
Hi,
First of all, I would like to thank you for your efforts on this tool. I have a little question:
I have a config with three subdomains, similar to Facebook, and I get the "'Access-Control-Allow-Origin' header in the response must not be the wildcard" error for one of my phishing_subs. I have checked the following similar issue and can verify that I have unique phis_sub values.
#244
I just wonder under what circumstances Evilginx2 can't pass the origin policy.
Best regards,
Phishlet summary
min_ver: '2.3.0'
proxy_hosts:
sub_filters:
When I check legitimate and phished requests on my webserver, I can see that the origin header is set properly as "https://www.mytarget.com/".
x.x.x.x - - x.x.x.x - - [02/May/2019:10:47:44 +0300] "OPTIONS /api/modules/GetAppModule HTTP/1.1" 204 0 "https://www.mytarget.com/" "653" "/api/modules/GetAppModule" "Safari/537.36" "-" "https://www.mytarget.com"
y.y.y.y - - y.y.y.y - - [02/May/2019:10:50:33 +0300] "OPTIONS /api/modules/GetAppModule HTTP/1.1" 204 0 "https://www.mytarget.com/" "671" "/api/modules/GetAppModule" "Safari/537.36" "-" "https://www.mytarget.com"
console out
debug_out.txt