Sniffing & Spoofing Social Engineering

evilginx2 v2.3 releases: MITM attack framework that allow to bypass 2-factor authentication

do son January 22, 2019 No Comments evilginx2

evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.

This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. The present version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use.

Disclaimer

I am very much aware that Evilginx can be used for nefarious purposes. This work is merely a demonstration of what adept attackers can do. It is the defender’s responsibility to take such attacks into consideration and find ways to protect their users against this type of phishing attacks. Evilginx should be used only in legitimate penetration testing assignments with written permission from to-be-phished parties.

Changelog v2.3

  • – Proxy can now create most of required `sub_filters` on its own, making it much easier to create new phishlets.
  • – Added lures, with which you can prepare custom phishing URLs with each having its own set of unique options (`help lures` for more info).
  • – Added OpenGraph settings for lures, allowing to create enticing content for link previews.
  • – Added ability to inject custom Javascript into proxied pages.
  • – Injected Javascript can be customized with values of custom parameters, specified in lure options.
  • – Deprecated `landing_path` and replaced it with `login` section, which contains the domain and path for website’s login page.

Installation

Usage

IMPORTANT! Make sure that there is no service listening on ports TCP 443, TCP 80 and UDP 53. You may need to shutdown apache or nginx and any service used for resolving DNS that may be running. evilginx2 will tell you on launch if it fails to open a listening socket on any of these ports.

By default, evilginx2 will look for phishlets in ./phishlets/ directory and later in /usr/share/evilginx/phishlets/. If you want to specify a custom path to load phishlets from, use the -p <phishlets_dir_path> parameter when launching the tool.

Usage of ./evilginx:
-debug
Enable debug output
-p string
Phishlets directory path

You should see evilginx2 logo with a prompt to enter commands. Type help or help <command> if you want to see available commands or more detailed information on them.

evilginx2

Tutorial

Demo

Evilginx 2 – Next Generation of Phishing 2FA Tokens from breakdev.org on Vimeo.

Copyright (C) 2018 Kuba Gretzky (@mrgretzky)

Source: https://github.com/kgretzky/

Share