evilginx2
Man-in-the-middle attack framework for phishing login credentials and session cookies to bypass 2-factor authentication. Successor to Evilginx, fully rewritten in Go with built-in HTTP and DNS servers for easy setup.
Description
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which allows attackers to bypass 2-factor authentication protection. This tool is particularly effective for targeting authentication systems that rely on both passwords and secondary factors like TOTP or push notifications.
As the successor to the original Evilginx released in 2017, evilginx2 replaces the custom nginx-based proxy with a fully standalone Go application. It implements its own HTTP and DNS servers, making it extremely easy to set up and use without external dependencies.
The framework proxies traffic between victims' browsers and legitimate websites while capturing both credentials and session tokens. This enables persistent access even after the victim changes their password or revokes sessions.
How It Works
evilginx2 operates as a reverse proxy with built-in HTTP and DNS servers. It acts as a man-in-the-middle between the victim's browser and the target website, intercepting login credentials and session cookies during the authentication process. By capturing valid session tokens alongside credentials, it bypasses 2FA protections since the stolen session remains valid server-side. The Go implementation eliminates nginx dependencies, providing a self-contained solution with custom certificate handling.
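A defender-side check for the behaviour described above, as an added example that is not part of the original page or of the evilginx2 project: because the stolen session stays valid server-side, one detection signal is a session token later presented from a client context that differs from the one that logged in. The JSON log format, field names and sample lines are constructed assumptions.

```python
import json

# Constructed sample access-log lines (one JSON event per line); field names are assumptions.
SAMPLE_LOG = """\
{"ts": 1, "event": "login", "session": "s-alice", "user": "alice", "ip": "198.51.100.7", "ua": "Firefox/126"}
{"ts": 2, "event": "request", "session": "s-alice", "user": "alice", "ip": "198.51.100.7", "ua": "Firefox/126"}
{"ts": 3, "event": "login", "session": "s-bob", "user": "bob", "ip": "203.0.113.50", "ua": "Chrome/125"}
{"ts": 4, "event": "request", "session": "s-bob", "user": "bob", "ip": "192.0.2.99", "ua": "Chrome/124"}
{"ts": 5, "event": "request", "session": "s-bob", "user": "bob", "ip": "203.0.113.50", "ua": "Chrome/125"}
{"ts": 6, "event": "request", "session": "s-ghost", "user": "carol", "ip": "192.0.2.10", "ua": "Safari/17"}
"""

def find_session_reuse(log_text):
    """Return alerts for sessions used from a context other than the one that logged in."""
    origin = {}   # session id -> (ip, ua) recorded at login
    alerts = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            sid, ctx = ev["session"], (ev["ip"], ev["ua"])
        except (ValueError, KeyError, TypeError):
            # Malformed or incomplete events are surfaced, not silently dropped.
            alerts.append({"line": lineno, "reason": "unparseable"})
            continue
        if ev.get("event") == "login":
            origin[sid] = ctx
        elif sid not in origin:
            # Token with no recorded login: issued before the log window, or not issued here.
            alerts.append({"line": lineno, "session": sid, "reason": "no_login_seen"})
        elif ctx != origin[sid]:
            changed = [f for f, a, b in zip(("ip", "ua"), ctx, origin[sid]) if a != b]
            alerts.append({"line": lineno, "session": sid, "reason": "context_change",
                           "changed": changed})
    return alerts

if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_LOG):
        print(alert)
```

An address change alone also occurs on mobile and VPN clients, so treat these alerts as a signal to correlate with other sign-in telemetry.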
Installation
sudo apt install evilginx2
Flags
Examples
evilginx2 -h
evilginx2 -debug
evilginx2 -developer
evilginx2 -c /path/to/config
evilginx2 -p /path/to/phishlets
evilginx2 -debug -developer