Locked Evilginx2 v3.1 - MITM attack framework that allow to bypass 2-factor authentication

[itsMe]

This is the hidden content, please

• Sign In
• or
• Sign Up

evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.

This tool is a successor to Evilginx, released in 2017, which used a custom version of the nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. The present version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use.

Disclaimer

I am very much aware that Evilginx can be used for nefarious purposes. This work is merely a demonstration of what adept attackers can do. It is the defender’s responsibility to take such attacks into consideration and find ways to protect their users against this type of phishing attack. Evilginx should be used only in legitimate penetration testing assignments with written permission from to-be-phished parties.

Changelog v3.1

    Feature: Listening IP and external IP can now be separated with config ipv4 bind <bind_ipv4_addr> and config ipv4 external <external_ipv4_addr> to help with properly setting up networking.
    Fixed: Session cookies (cookies with no expiry date set) are now correctly captured every time. There is no need to specify :always key modifier for auth_tokens to capture them.
    Fixed: Captured custom tokens are now displayed properly and values are not truncated

This is the hidden content, please

• Sign In
• or
• Sign Up