two factor not working ! #28

Open
Phoenix1112 opened this issue Nov 16, 2018 · 10 comments

Comments

@Phoenix1112

Hello my friend. A few months ago this program was working very nicely.

There was no problem using this program on my own computer.

But when I tried to use it on my VPS server, I realized that 2-step verification is not working.

Is the problem due to my VPS server or the program?

After 3 or 4 months, I'm thinking of publishing educational videos on Udemy.

I want to have the CredSniper program in my training videos. I hope this beautiful program always works.

When are you considering publishing the new version of this program?

Or will you edit this program?

@Phoenix1112 Phoenix1112 changed the title from "two factor now working !" to "two factor not working !" Nov 16, 2018
@DakotaNelson
Contributor

Do you have.... literally any more information to help debug? This really isn't enough to go on.

@Phoenix1112
Author

I don't know.

@evanmillerboc

evanmillerboc commented Nov 30, 2018

I may be able to help provide more context on the issue here. I am not able to capture credentials or 2FA tokens.

DigitalOcean Ubuntu 16.04 box, updated packages before starting and did literally nothing else on the box.

When running a server with SSL, using gmail module and let's encrypt (as below), a user visiting the URL will be prompted for a username, then a password, then redirected. There does not appear to be any attempt to capture the 2FA, and the creds are not retained, at least not in a way I can view them via /creds/view.

  1. Start up server like this:

```
root@REDACTED:/CredSniper# ./install.sh
Module to deploy (ex: gmail)? gmail
Final redirect URL: https://REDACTED.com
Enable SSL? [Y/n] Y
Enable two-factor phishing? [Y/n] Y
Enter hostname for certificates (ex: app.example.com): CredSniperURL.com
Port to listen on (default: 80/443)? 443

[*] Preparing environment...
[*] SSL Enabled: Y
[*] Hostname: REDACTED.com
[*] Two-factor: Y
[*] Loading Module: gmail
[*] Port: 443
[*] Destination URL: https://REDACTED.com
```

  2. Attempt to log in via https://CredSniperURL.com
  3. Get prompted for username on one page, password on second.
  4. Get redirected to redirect url. (No 2FA attempt that I can discern)
  5. Try to at least view creds at https://CredSniperURL.com/creds/view?api_token=__TOKENGOESHERE__
    See only: {"creds":[]}

Log:

```
__re.da.ct.ed__ - - [30/Nov/2018 20:40:38] "GET / HTTP/1.1" 200 -
__re.da.ct.ed__ - - [30/Nov/2018 20:40:39] "GET /accounts/CheckConnection?pmpo=https%3A%2F%2F__redacted.hostname__&v=1955773570&timestamp=1543610424935 HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:40:39] "GET /accounts/static/_/js/k=gaia.gaiafe_glif.en.eTVqNRLH_Ls.O/m=P9M9H/am=ghaAAAAAAAwoEIRgMAMrAtMw/rt=j/d=0/rs=ABkqax1PgqMWHDiqpDYee-DsKLUhe8KNyw HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:40:39] "POST /jserror HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:40:39] "POST /jserror HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:40:40] "GET /_/common/diagnostics/?diagnostics=%5B%5B%5B%22gaia_fe_minutemaid%3Ass%22%2Cnull%2Cnull%2Cnull%2C1543610424724%5D%5D%5D&rt=j HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:40:58] "GET /config?api_token=__TOKENGOESHERE__ HTTP/1.1" 401 -
__re.da.ct.ed__ - - [30/Nov/2018 20:41:11] "GET /creds/view?api_token=__TOKENGOESHERE__ HTTP/1.1" 200 -
__re.da.ct.ed__ - - [30/Nov/2018 20:41:25] "GET /config?api_token=__TOKENGOESHERE__ HTTP/1.1" 200 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:10] "GET / HTTP/1.1" 200 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:10] "GET /accounts/static/_/js/k=gaia.gaiafe_glif.en.eTVqNRLH_Ls.O/m=P9M9H/am=ghaAAAAAAAwoEIRgMAMrAtMw/rt=j/d=0/rs=ABkqax1PgqMWHDiqpDYee-DsKLUhe8KNyw HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:11] "POST /jserror HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:11] "GET /accounts/CheckConnection?pmpo=https%3A%2F%2F__redacted.hostname__&v=1955773570&timestamp=1543610576287 HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:11] "POST /jserror HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:16] "GET /accounts/static/_/js/k=gaia.gaiafe_glif.en.eTVqNRLH_Ls.O/m=P9M9H/am=ghaAAAAAAAwoEIRgMAMrAtMw/rt=j/d=0/rs=ABkqax1PgqMWHDiqpDYee-DsKLUhe8KNyw HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:17] "POST /accounts HTTP/1.1" 200 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:17] "GET /_/common/diagnostics/?diagnostics=%5B%5B%5B%22gaia_fe_minutemaid%3Ass%22%2Cnull%2Cnull%2Cnull%2C1543610576014%5D%5D%5D&rt=j HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:18] "GET /accounts/static/_/js/k=gaia.gaiafe_glif.en.eTVqNRLH_Ls.O/m=P9M9H,ZJkSm,ssIgD,GJkP8c,HUb4Ab,sy5q,DnoIKd,sy30,sy8o,YKZpNb,sy1o,sy1h,sy1n,sy2t,sy2u,VI9RTb,sy3s,sy8q,GEsPC/am=ghaAAAAAAAwoEIRgMAMrAtMw/rt=j/d=0/rs=ABkqax1PgqMWHDiqpDYee-DsKLUhe8KNyw HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:18] "GET /accounts/CheckConnection?pmpo=https%3A%2F%2F__redacted.hostname__&v=-1371435606&timestamp=1508384790025 HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:19] "GET /accounts/CheckConnection?pmpo=https%3A%2F%2F__redacted.hostname__&v=-1371435606&timestamp=1543610584192 HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:19] "POST /jserror HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:19] "POST /jserror HTTP/1.1" 404 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:24] "GET /accounts/static/_/js/k=gaia.gaiafe_glif.en.eTVqNRLH_Ls.O/m=P9M9H,ZJkSm,ssIgD,GJkP8c,HUb4Ab,sy5q,DnoIKd,sy30,sy8o,YKZpNb,sy1o,sy1h,sy1n,sy2t,sy2u,VI9RTb,sy3s,sy8q,GEsPC/am=ghaAAAAAAAwoEIRgMAMrAtMw/rt=j/d=0/rs=ABkqax1PgqMWHDiqpDYee-DsKLUhe8KNyw HTTP/1.1" 404 -
/CredSniper/lib/python3.5/site-packages/mechanicalsoup/browser.py:70: UserWarning: No parser was explicitly specified, so I'm using the best available HTML parser for this system ("lxml"). This usually isn't a problem, but if you run this code on another system, or in a different virtual environment, it may use a different parser and behave differently.

The code that caused this warning is on line 70 of the file /CredSniper/lib/python3.5/site-packages/mechanicalsoup/browser.py. To get rid of this warning, pass the additional argument 'features="lxml"' to the BeautifulSoup constructor.

  response.soup = bs4.BeautifulSoup(response.content, **soup_config)
__re.da.ct.ed__ - - [30/Nov/2018 20:43:25] "POST /authenticate HTTP/1.1" 302 -
__re.da.ct.ed__ - - [30/Nov/2018 20:43:26] "GET /_/common/diagnostics/?diagnostics=%5B%5B%5B%22gaia_fe_minutemaid%3Ass%22%2Cnull%2Cnull%2Cnull%2C1543610583885%5D%5D%5D&rt=j HTTP/1.1" 404 -
69.4.89.106 - - [30/Nov/2018 20:43:41] "GET / HTTP/1.1" 200 -
93.119.227.19 - - [30/Nov/2018 20:43:42] "GET / HTTP/1.1" 200 -
```

EDIT I realized that the .cache DOES contain a username and password, as I dug a bit deeper. The .sniped file is empty. No 2FA tokens to be found.

I hope this is helpful!

@evilginx

@evanmillerboc is two factor working on your computer?

@evanmillerboc

evanmillerboc commented Nov 30, 2018

@evilginx Sorry, no, 2FA is not working. I was trying to provide the context that OP did not. I edited my comment to hopefully better reflect that.

EDIT I realized that the .cache DOES contain a username and password, as I dug a bit deeper. The .sniped file is empty. No 2FA tokens to be found

Also worth noting, the user account I am testing with is a GSuite account with 2FA via only SMS enabled.

@leveled

leveled commented Jan 24, 2019

I'm running into the same error as @evanmillerboc as well, everything seems fine until the post to the /authenticate endpoint, at which point there is no attempt to steal 2FA tokens and the user is just returned back to the home page. Passwords are being logged normally.

@ghost

ghost commented May 2, 2019

Just wanted to jump in here and mention that I'm having a similar issue. CredSniper tries to go to https://FQDNHERE/finalurldestination instead of going to the 2FA page. I have it set in the run flags as well.

@Phoenix1112
Author

It is working now?? R3s-ryan?

@ghost

ghost commented May 2, 2019

> It is working now?? R3s-ryan?

No, I'm having an issue getting it to work as well. I'm not having any issues capturing credentials, but the 2FA page won't load.
