Evilginx is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.
This tool is a successor to my mentors project Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use.
I am very much aware that Evilginx can be used for nefarious purposes and hope to stand against . This work is merely a demonstration of what adept attackers can do. It is the defender's responsibility to take such attacks into consideration and find ways to protect their users against this type of phishing attacks. Evilginx should be used only in legitimate penetration testing assignments with written permission from to-be-phished parties.
If you want everything about reverse proxy phishing with Evilginx - check out my EVILPR0XY Mastery course!
Learn everything about the latest methods of phishing, using reverse proxying to bypass Multi-Factor Authentication. Learn to think like an attacker, during your red team engagements, and become the master of phishing with Evilginx.
Grab it here: EVILPR0XY Mastery course!
If you want to learn more about reverse proxy phishing, I've published extensive blog posts about **** here: r providing or creating phishlets. I will also NOT help you with creation of you HACK ANYONE.