EvilGinx

Evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection.

Now I won't go into a detailed explanation on setting this up, as there are plenty of sources, even on its GitHub page, and I may well be using a different VPS provider, so the steps would not match, but the basic configuration is:

We choose our phishlet; I chose LinkedIn.

Configure the domain and IP, and enable the phishlet.

Once set, evilginx2 will create an SSL certificate using Let's Encrypt; if this is unsuccessful, you can do this manually. From here, we can create the lures and grab the URLs needed to send to the target.

When the user logs in, we capture the cleartext credentials and the cookie needed to bypass MFA.

If MFA is enabled and the user logged in successfully, we will receive the cookie as well. Since this demo does not contain a legitimate user, the cookie is not demonstrated, but the cleartext attempt is logged.
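Seen from the service's side, a captured session cookie shows up as one authenticated session later being used by a different client than the one that passed MFA. The detection sketch below is an added example, not part of the original page or the Evilginx project; the log format, field names (`session`, `event`, `ip`, `ua`) and sample events are constructed assumptions.

```python
import json

# Constructed sample sign-in/request events (not real logs); field names are assumptions.
SAMPLE_LOG = """\
{"user":"alice","session":"s-1001","event":"login_mfa_ok","ip":"198.51.100.7","ua":"Chrome/124"}
{"user":"alice","session":"s-1001","event":"request","ip":"198.51.100.7","ua":"Chrome/124"}
{"user":"bob","session":"s-2002","event":"login_mfa_ok","ip":"203.0.113.25","ua":"Safari/17"}
{"user":"alice","session":"s-1001","event":"request","ip":"192.0.2.44","ua":"Firefox/125"}
{"user":"alice","session":"s-1001","event":"request","ip":"192.0.2.44","ua":"Firefox/125"}
this line is truncated {"user":
{"user":"bob","session":"s-2002","event":"request","ip":"203.0.113.25","ua":"Safari/17"}
{"user":"carol","session":"s-3003","event":"login_mfa_ok","ip":"203.0.113.80","ua":"Edge/124"}
{"user":"carol","session":"s-3003","event":"request","ip":"203.0.113.81","ua":"Edge/124"}
"""

def find_session_replay(log_text):
    """Flag sessions later used by a client that differs from the one that passed MFA."""
    baseline = {}     # session id -> (ip, ua) seen when the session was established
    reported = set()  # (session, ip, ua) already alerted on, to avoid duplicates
    alerts = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            sid, client = ev["session"], (ev["ip"], ev["ua"])
        except (json.JSONDecodeError, KeyError, TypeError):
            continue  # skip blank, malformed or incomplete records
        if ev.get("event") == "login_mfa_ok" or sid not in baseline:
            baseline[sid] = client  # fresh authentication (or first sighting) sets the baseline
            continue
        # Compare the current client against the baseline, field by field.
        changed = [name for name, old, new in
                   zip(("ip", "ua"), baseline[sid], client) if old != new]
        if changed and (sid, *client) not in reported:
            reported.add((sid, *client))
            alerts.append({"user": ev.get("user"), "session": sid,
                           "changed": changed, "from": baseline[sid], "to": client})
    return alerts

if __name__ == "__main__":
    for alert in find_session_replay(SAMPLE_LOG):
        print(alert)
```

An IP-only change (the `carol` session) also occurs on mobile or roaming networks, so it is a weaker signal than a simultaneous IP and user-agent change.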
