Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
This PR checks if an X-Forwarded-For header is present and treats this as the remote IP. This supports scenarios where Evilginx is behind a reverse proxy, a scenario which may have some operational security benefits.
The default behavior of Evilginx is to register certificates for subdomains on the fly. While convenient, this can hurt us if the target proactively monitors certificate transparency logs for brand impersonation attempts. To mitigate this, we can run Evilginx2 in developer mode (which will only generate the certs locally) and then front it with Nginx redirector, using a wildcard certificate and subdomain.
We would configure .example.com DNS record and request a wildcard certificate (and a wildcard cert for any subdomains we may want to use as well, e.g .phish.example.com).
This PR checks if an X-Forwarded-For header is present and treats this as the remote IP. This supports scenarios where Evilginx is behind a reverse proxy, a scenario which may have some operational security benefits.
The default behavior of Evilginx is to register certificates for subdomains on the fly. While convenient, this can hurt us if the target proactively monitors certificate transparency logs for brand impersonation attempts. To mitigate this, we can run Evilginx2 in developer mode (which will only generate the certs locally) and then front it with Nginx redirector, using a wildcard certificate and subdomain.
We would configure .example.com DNS record and request a wildcard certificate (and a wildcard cert for any subdomains we may want to use as well, e.g .phish.example.com).
An example nginx configuration may look like: