The article from BreakDev discusses the integration of Evilginx 3.3 with GoPhish, a significant update that enhances phishing campaign capabilities. These updates to Evilginx and its integration with GoPhish represent significant advancements in phishing campaign technology, offering users more sophisticated tools for creating and managing phishing attempts with enhanced customization and tracking capabilities.
Here are the key points and new features introduced:
📌 Integration with GoPhish: Evilginx now officially integrates with GoPhish by Jordan Wright. This collaboration allows users to create phishing campaigns that send emails with valid Evilginx lure URLs, leveraging GoPhish’s user interface to monitor the campaign’s effectiveness, including email opens, lure URL clicks, and successful session captures.
📌 API Enhancements: The update has introduced additional API endpoints in GoPhish, enabling changes to the results status for every sent email. This improvement facilitates more dynamic and responsive campaign management.
📌 Lure URL Generation: In the new workflow, when creating a campaign in GoPhish, users no longer select a ”Landing Page.” Instead, they generate a lure URL in Evilginx and input it into the ”Evilginx Lure URL” text box. This process streamlines the creation of phishing campaigns.
📌 Custom Parameters and Personalization: GoPhish automatically generates encrypted custom parameters with personalized content for each link embedded in the generated email messages. These parameters include the recipient’s first name, last name, and email. This feature allows for the customization of phishing pages through js_inject scripts, enhancing the effectiveness of phishing attempts.
📌 Expanded TLD Support: Evilginx has expanded its support for new Top-Level Domains (TLDs) to improve the efficiency of URL detection in proxied packets. This update aims to better differentiate between phishing and original domains by recognizing URLs ending with a broader range of known TLDs. The updated list includes a variety of TLDs, such as .aero, .arpa, .biz, .cloud, .gov, .info, .net, .org, and many others, including all known 2-character TLDs.
**
Evilginx and GoPhish are tools used in cybersecurity, particularly in the context of phishing simulations and man-in-the-middle (MitM) attack frameworks. They serve different purposes but can be used together to enhance phishing campaigns and security testing.
📌Evilginx is a man-in-the-middle attack framework that can bypass two-factor authentication (2FA) mechanisms.
- It works by tricking a user into visiting a proxy site that looks like the legitimate site they intend to visit. As the user logs in and completes the 2FA challenge, Evilginx captures the user’s login information and the authentication token.
- This method allows the attacker to replay the token and access the targeted service as the user, effectively bypassing 2FA protections.
📌GoPhish is an open-source phishing toolkit designed for businesses and security professionals to conduct security awareness training and phishing simulation exercises.