Search results

seems like you are a little butt hurt, d0s

keep domain inactive and only activate during short bursts of spamming. if they are going to visit/click your url, they would have done so within the first hour of it being spammed/sent out. beyond that, it is just researchers. when visiting url, do not have it redirect. have it be a simple...

that's because you're spamming. it has nothing to do with evilginx or being detected, it's the manner you're spamming and the filters catching it via keywords, links, source/origin, speed of emails/sms', headers, ip, etc. spamhaus is mainly automated...

wrong, it can hijack as many sessions as you want at once. read up on how reverse proxies work

evilginx2 will intercept the session and creds after otp is entered. it's free and simple to use and comes with an amazon phishlet for free

and evilginx isn't a scam lmao. it's a reverse proxy which essentially mirrors the website so that when someone logs into it from your URL, it'll redirect them back to the login page after hijacking the session/cookies which allows you to take it over (bypassing 2fa as the live session is on...

you can't. you can't steal a cookie by simply sending a 1-click phishing email, you'd have to phish for the actual live-2fa code (like a uadmin phishlet) or hijack the session after they are fully logged into a reverse proxy like the post above about evilginx2. your best chance is to social...

all you have to do is pass the server's request_uri using the script that is already provided by the panel (gate.php which is just an include call for ../../token/gate.php). then create a json object (use another phishlet's operations.json to model yours after) of each landing page/name...

don't redirect out of site, use timed sessions like mentioned in my last post and encode/obfuscate the html/js. that'll prevent bans.

it's not client-side, so there's nothing you can do unless you control the network or computer viewing the cross-origin website. Последнее редактирование: 23.09.2022

you can't without setting up a reverse proxy. the cross origin resource sharing policy prevents you from framing websites that do not want to be iframed due to the risk of phishing, etc

like he mentioned, don't redirect. create session tokens and store them in a db, then redirect customers with the GET token in the URL (eg, domain.com/?sess=TOKEN_HERE), and have it expire the entire token after a few hours and also start banning IPs after a few minutes of their initial visit to...

you don't need to modify those. at all. the data is sent over PHP using $_SERVER['REQUEST_URI'], the js is just meant to help track their progress live while telling the panel what page is next and what variable data is on each page so you can send specific ones to them without reloading the...

just load a small VoIP account and use their REST API, break up texts by random intervals and you can get a few thousand out from each.