I set up a Debian 10 server on Linode to host Evilginx, where I was able to successfully initiate a man-in-the-middle attack to steal the username, password and session cookie information, which was used to bypass 2-factor authentication.
I followed this guide: https://janbakker.tech/how-to-set-up-evilginx-to-phish-office-365-credentials/
I will also be adding my own step-by-step guide on how to set up this infrastructure using Linode and explaining how I worked through some missing steps not shown in the previous guide.