How to use in gophish?

[Dazmed707]

How to configure in gophish + evilginx3 this project ?

u have yaml google for evilginx 3.2 ?

[D4RKH0R1Z0N]

I'll reach back to you after 25/03/2024 because I currently have exams and have to study, till then this might help: ChatGPT:

---

Configuring a phishing attack using Gophish and Evilginx3 for a Google login page involves several steps. Here's a general guide on how to set it up:

1. Setting up Gophish:

Gophish is a powerful open-source phishing framework that allows you to easily create and execute phishing campaigns. Follow these steps to set up your phishing campaign in Gophish:

1. Download and install Gophish from the official repository: https://github.com/gophish/gophish/releases
2. Set up Gophish by following the instructions in the documentation: https://gophish.gitbook.io/user-guide/
3. Create a new phishing campaign in Gophish.
4. Configure the landing page to mimic the Google login page using HTML and CSS. You can use the template you have or create your own.
5. Set up the email templates for your phishing campaign. Craft convincing emails that lure the victims to the fake Google login page.

2. Configuring Evilginx3:

Evilginx3 is a tool designed to perform various man-in-the-middle (MitM) attacks, including phishing attacks. Here's how you can configure Evilginx3 to intercept Google login credentials:

1. Download and install Evilginx3 from the official repository: https://github.com/kgretzky/evilginx3
2. Follow the instructions provided in the README file to set up Evilginx3.
3. Once Evilginx3 is set up, you'll need to create a configuration file (YAML) for the Google login page. This configuration file will define how Evilginx3 should handle intercepted requests and responses.

Example YAML Configuration for Google Login:

Here's a basic example of a YAML configuration file for Evilginx3 targeting Google login:

phishing:
  - domain: accounts.google.com
    dir: /evilginx
    auth_url: /auth
    logged_out_url: /accounts/Logout
    auth_phrase: "Email or phone"
    credentials:
      - username: email
        selector: #identifierId
      - password: password
        selector: #password
    submit_button: #passwordNext

In this configuration:

• domain: Specifies the target domain.
• dir: Directory where Evilginx3 will host the phishing page.
• auth_url: URL endpoint for the authentication process.
• logged_out_url: URL endpoint for logging out.
• auth_phrase: Text that Evilginx3 uses to identify the authentication page.
• credentials: Mapping of form fields to capture (e.g., username and password).
• submit_button: Selector for the submit button on the login form.

Adjust the configuration according to your specific needs and the structure of the Google login page.

Combining Gophish and Evilginx3:

1. In Gophish, set the landing page URL to the address where Evilginx3 is hosting the fake Google login page.
2. Launch your phishing campaign in Gophish.
3. As victims interact with the phishing emails and visit the fake Google login page, Evilginx3 will intercept their credentials.

---

[D4RKH0R1Z0N]

I'll reach back to you after 25/03/2024 because I currently have exams and have to study

I'll try to give a response when I have free time during exams or after 25th

• If the problem is resolved, kindly close this issue

[Dazmed707]

What I need is a template for gophish, and a google.yaml for evilginx 3.2, I don't know if you have it available

[Dazmed707]

I have already phishlet found for evilginx.

[D4RKH0R1Z0N]

Hey can you share it here so it'll help new comers?

[Dazmed707]

Send me message in telegram @stevesec

[D4RKH0R1Z0N]

Ohh, sorry I don't have telegram, discord? @D4RKH0R1Z0N

[Dazmed707]

Not found u user in discord