Evilginx 3.0 Project Description

What is the project about?

Evilginx 3.0 is a man-in-the-middle (MITM) attack framework designed for phishing login credentials and session cookies. It allows attackers to bypass two-factor authentication (2FA) protection.

What problem does it solve?

It demonstrates the vulnerability of systems even with 2FA, by intercepting session cookies, allowing attackers to gain unauthorized access.

What are the features of the project?

• Acts as a proxy between a user's browser and the targeted (phished) website.
• Captures login credentials and session cookies.
• Bypasses 2-factor authentication.
• Standalone application with its own HTTP and DNS server.
• Easy to set up and use.
• Gophish Integration.

What are the technologies used in the project?

• Go (Golang) programming language.
• Custom HTTP and DNS server implementation.

What are the benefits of the project?

• Demonstrates a critical security vulnerability.
• Raises awareness about advanced phishing techniques.
• Helps defenders understand and develop countermeasures.
• Easy to deploy for authorized penetration testing.

What are the use cases of the project?

• Legitimate penetration testing to assess security posture.
• Security research and education.
• Red team engagements (with explicit permission).