Evilginx + GoPhish

The ‎article‏ ‎from ‎BreakDev discusses ‎the ‎integration ‎of‏ ‎Evilginx ‎3.3‏ ‎with‏ ‎GoPhish, ‎a ‎significant‏ ‎update ‎that‏ ‎enhances ‎phishing ‎campaign ‎capabilities.‏ ‎These‏ ‎updates ‎to‏ ‎Evilginx ‎and‏ ‎its ‎integration ‎with ‎GoPhish ‎represent‏ ‎significant‏ ‎advancements ‎in‏ ‎phishing ‎campaign‏ ‎technology, ‎offering ‎users ‎more ‎sophisticated‏ ‎tools‏ ‎for‏ ‎creating ‎and‏ ‎managing ‎phishing‏ ‎attempts ‎with‏ ‎enhanced‏ ‎customization ‎and‏ ‎tracking ‎capabilities.

Here ‎are ‎the ‎key‏ ‎points ‎and‏ ‎new‏ ‎features ‎introduced:

📌Integration ‎with‏ ‎GoPhish: Evilginx ‎now‏ ‎officially ‎integrates ‎with ‎GoPhish‏ ‎by‏ ‎Jordan ‎Wright.‏ ‎This ‎collaboration‏ ‎allows ‎users ‎to ‎create ‎phishing‏ ‎campaigns‏ ‎that ‎send‏ ‎emails ‎with‏ ‎valid ‎Evilginx ‎lure ‎URLs, ‎leveraging‏ ‎GoPhish’s‏ ‎user‏ ‎interface ‎to‏ ‎monitor ‎the‏ ‎campaign’s ‎effectiveness,‏ ‎including‏ ‎email ‎opens,‏ ‎lure ‎URL ‎clicks, ‎and ‎successful‏ ‎session ‎captures.

📌API‏ ‎Enhancements: The‏ ‎update ‎has ‎introduced‏ ‎additional ‎API‏ ‎endpoints ‎in ‎GoPhish, ‎enabling‏ ‎changes‏ ‎to ‎the‏ ‎results ‎status‏ ‎for ‎every ‎sent ‎email. ‎This‏ ‎improvement‏ ‎facilitates ‎more‏ ‎dynamic ‎and‏ ‎responsive ‎campaign ‎management.

📌Lure ‎URL ‎Generation: In‏ ‎the‏ ‎new‏ ‎workflow, ‎when‏ ‎creating ‎a‏ ‎campaign ‎in‏ ‎GoPhish,‏ ‎users ‎no‏ ‎longer ‎select ‎a ‎«Landing ‎Page.»‏ ‎Instead, ‎they‏ ‎generate‏ ‎a ‎lure ‎URL‏ ‎in ‎Evilginx‏ ‎and ‎input ‎it ‎into‏ ‎the‏ ‎«Evilginx ‎Lure‏ ‎URL» ‎text‏ ‎box. ‎This ‎process ‎streamlines ‎the‏ ‎creation‏ ‎of ‎phishing‏ ‎campaigns.

📌Custom ‎Parameters‏ ‎and ‎Personalization: GoPhish ‎automatically ‎generates ‎encrypted‏ ‎custom‏ ‎parameters‏ ‎with ‎personalized‏ ‎content ‎for‏ ‎each ‎link‏ ‎embedded‏ ‎in ‎the‏ ‎generated ‎email ‎messages. ‎These ‎parameters‏ ‎include ‎the‏ ‎recipient’s‏ ‎first ‎name, ‎last‏ ‎name, ‎and‏ ‎email. ‎This ‎feature ‎allows‏ ‎for‏ ‎the ‎customization‏ ‎of ‎phishing‏ ‎pages ‎through ‎js_inject ‎scripts, ‎enhancing‏ ‎the‏ ‎effectiveness ‎of‏ ‎phishing ‎attempts.

📌Expanded‏ ‎TLD ‎Support: Evilginx ‎has ‎expanded ‎its‏ ‎support‏ ‎for‏ ‎new ‎Top-Level‏ ‎Domains ‎(TLDs)‏ ‎to ‎improve‏ ‎the‏ ‎efficiency ‎of‏ ‎URL ‎detection ‎in ‎proxied ‎packets.‏ ‎This ‎update‏ ‎aims‏ ‎to ‎better ‎differentiate‏ ‎between ‎phishing‏ ‎and ‎original ‎domains ‎by‏ ‎recognizing‏ ‎URLs ‎ending‏ ‎with ‎a‏ ‎broader ‎range ‎of ‎known ‎TLDs.‏ ‎The‏ ‎updated ‎list‏ ‎includes ‎a‏ ‎variety ‎of ‎TLDs, ‎such ‎as‏ ‎.aero,‏ ‎.arpa,‏ ‎.biz, ‎.cloud,‏ ‎.gov, ‎.info,‏ ‎.net, ‎.org,‏ ‎and‏ ‎many ‎others,‏ ‎including ‎all ‎known ‎2-character ‎TLDs.

**

Evilginx‏ ‎and ‎GoPhish‏ ‎are‏ ‎tools ‎used ‎in‏ ‎cybersecurity, ‎particularly‏ ‎in ‎the ‎context ‎of‏ ‎phishing‏ ‎simulations ‎and‏ ‎man-in-the-middle ‎(MitM)‏ ‎attack ‎frameworks. ‎They ‎serve ‎different‏ ‎purposes‏ ‎but ‎can‏ ‎be ‎used‏ ‎together ‎to ‎enhance ‎phishing ‎campaigns‏ ‎and‏ ‎security‏ ‎testing.

📌Evilginx ‎is‏ ‎a ‎man-in-the-middle‏ ‎attack ‎framework‏ ‎that‏ ‎can ‎bypass‏ ‎two-factor ‎authentication ‎(2FA) ‎mechanisms.

• It ‎works‏ ‎by ‎tricking‏ ‎a‏ ‎user ‎into ‎visiting‏ ‎a ‎proxy‏ ‎site ‎that ‎looks ‎like‏ ‎the‏ ‎legitimate ‎site‏ ‎they ‎intend‏ ‎to ‎visit. ‎As ‎the ‎user‏ ‎logs‏ ‎in ‎and‏ ‎completes ‎the‏ ‎2FA ‎challenge, ‎Evilginx ‎captures ‎the‏ ‎user’s‏ ‎login‏ ‎information ‎and‏ ‎the ‎authentication‏ ‎token.
• This ‎method‏ ‎allows‏ ‎the ‎attacker‏ ‎to ‎replay ‎the ‎token ‎and‏ ‎access ‎the‏ ‎targeted‏ ‎service ‎as ‎the‏ ‎user, ‎effectively‏ ‎bypassing ‎2FA ‎protections.

📌GoPhish ‎is‏ ‎an‏ ‎open-source ‎phishing‏ ‎toolkit ‎designed‏ ‎for ‎businesses ‎and ‎security ‎professionals‏ ‎to‏ ‎conduct ‎security‏ ‎awareness ‎training‏ ‎and ‎phishing ‎simulation ‎exercises.

• It ‎allows‏ ‎users‏ ‎to‏ ‎create ‎and‏ ‎track ‎the‏ ‎effectiveness ‎of‏ ‎phishing‏ ‎campaigns, ‎including‏ ‎email ‎opens, ‎link ‎clicks, ‎and‏ ‎data ‎submission‏ ‎on‏ ‎phishing ‎pages.