Evilginx – Man-in-the-middle attack framework used for phishing credentials & session cookies of any web service.

lee / April 3, 2017 / Comments Off / Framework, Penetration Test

Evilginx is a man-in-the-middle attack framework used for phishing credentials and session cookies of any web service. It’s core runs on Nginx HTTP server, which utilizes proxy_pass and sub_filter to proxy and modify HTTP content, while intercepting traffic between client and server.

Evilginx – Advanced Phishing With Two-factor Authentication Bypass

Dependencies:
+ Python 2.7.x

Usage:

git clone https://github.com/kgretzky/evilginx && cd evilginx
python evilginx_parser.py -i /var/log/evilginx-google.log -o ./logs -c google.creds

1 2	git clone https://github.com/kgretzky/evilginx && cd evilginx python evilginx_parser.py -i /var/log/evilginx-google.log -o ./logs -c google.creds

Source: https://github.com/kgretzky

Tags: cookie, credentials, MITM, Python Script, session hijacking

Archives

Evilginx – Man-in-the-middle attack framework used for phishing credentials & session cookies of any web service.