Currently, Evilginx only saves sessions when all tokens, including 2FA tokens, are captured. This means that if a user enters a correct username and password but does not approve the 2FA, the session is not stored. This limitation prevents the collection of sessions based solely on valid username and password entries.
For example:
When a user enters the correct username and password, I capture "cookieexample1."
When a user approves the 2FA, I capture "cookieexample2."
This way, I have a perfect method to know if a user declines 2FA but enters the correct credentials.
So, if a user doesn't approve 2FA, the session is considered not captured, which is correct. However, it would be a great feature for statistics if you could somehow flag sessions as "correct credentials but declined 2FA."