Evilginx2 is a man-in-the-middle attack framework used to capture credentials connections with electronic fishing (phishing) together with cookie session, which in turn allows 2-factor authentication (2FA) to be bypassed.
This tool is a successor to Evilginx, released in 2017, which used a custom version of the server http nginx for man-in-the-middle functionality. So he could act as server mediation between a preletterbrowsing and a phishing site.
This version is completely written from scratch and works as a standalone application, which runs its own HTTP and DNS server, making it extremely easy to set up and use.
Installation
[pastacode manual=”sudo%20apt-get%20-y%20install%20git%20make%0D%0Agit%20clone%20github.com%2Fkgretzky%2Fevilginx2%0D%0Acd%20evilginx2%0D%0Amake” provider=”manual” lang=”php”/] ή[pastacode manual = ”sudo% 20make% 20install% 0D% 0Asudo% 20evilginx” provider = ”manual” lang = ”php” /]
Use
[pastacode manual=”Usage%20of%20.%2Fevilginx%3A%0D%0A-debug%0D%0AEnable%20debug%20output%0D%0A-p%20string%0D%0APhishlets%20directory%20path” provider=”manual” lang=”php”/]Video guide
https://www.youtube.com/watch?v=8mfsF5Qdqw0
Application snapshots
You can download the program from here.