Evilginx2

TRENDINGVERIFIED

Advanced phishing framework with reverse proxy for MFA bypass

Social EngineeringOSS

Advanced

Linux

Description

Evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing attackers to bypass two-factor authentication. It operates as a transparent reverse proxy between the victim and the legitimate service, capturing authentication tokens in real time.

Use Cases

Test MFA bypass resilience via reverse proxy phishing
Capture session cookies to bypass two-factor authentication
Simulate advanced adversary phishing techniques in red team engagements

Attack Phases

01. RECON

02. SCAN

03. EXPLOIT

04. PERSIST

05. COVER

MITRE ATT&CK Techniques (3)

T1557Adversary-in-the-Middle

Related Tools (3)

Gophish Modlishka Social-Engineer Toolkit (SET)