Search the Community

evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use. EvilGinx 2 2.3.0 – New Features & Fixes Proxy can now create most of required sub_filters on its own, making it much easier to create new phishlets. Added lures, with which you can prepare custom phishing URLs with each having its own set of unique options (help lures for more info). Added OpenGraph settings for lures, allowing to create enticing content for link previews. Added ability to inject custom Javascript into proxied pages. Injected Javascript can be customized with values of custom parameters, specified in lure options. Deprecated landing_path and replaced it with login section, which contains the domain and path for website’s login page [HIDE][Hidden Content]]