Please note that Evilginx can be adapted to work with any website, not only with Google.Įnjoy the video. I have decided to phish Google services for Evilginx demonstration as there is no better way to assess this tool's effectiveness than stress-testing best anti-phishing protections available. It works remotely, uses custom domain and a valid SSL certificate. It uses Nginx HTTP server to proxy legitimate login page, to visitors, and captures credentials and session cookies on-the-fly. ![]() I'm releasing my latest Evilginx project, which is a man-in-the-middle attack framework for remotely capturing credentials and session cookies of any web service. In today's post I'm going to show you how to make your phishing campaigns look and feel the best way possible. ![]() Almost every assignment starts with grabbing the low-hanging fruit, which are often employees' credentials obtained via phishing. Welcome to my new post! Over the past several months I've been researching new phishing techniques that could be used in penetration testing assignments.
0 Comments
Leave a Reply. |