EvilPUPPET

Complete Course on EvilPUPPET

The EvilPUPPET course equips participants with advanced skills in leveraging EvilPUPPET, a Node.js-based MITM proxy using Puppeteer for real-time phishing, session hijacking, and corporate reconnaissance. The course emphasizes stealth, automation, and bypassing modern defenses, covering the following key aspects:

  1. Deployment: Participants will explore EvilPUPPET architecture and functionality. The module covers cloning the repository, installing Node.js and dependencies, and configuring config.js (target URL, port, SSL certificates).

  2. Modifications and Improvements of EvilPUPPET [EXPANDED MODULE]: This module dives deep into customizing EvilPUPPET through source code modifications, performance optimization, and new feature integration. It will address limitations (e.g., text field syncing, iframe issues) and enhance Puppeteer integration for advanced attacks. Key topics include:

    • Auto-Creds Logger: Real-time capture of login credentials from POST requests.

    • 2FA Push Replay: Intercepts OTP/push tokens for bypassing two-factor authentication.

    • Canvas Fingerprint Spoof: Alters canvas data to evade Cloudflare fingerprinting.

    • Auto-Screenshot Scheduler: Captures screenshots every 3 seconds for reconnaissance.

    • Dynamic User-Agent Spoofing: Randomizes User-Agents to mimic legitimate browsers.

    • Real-Time Keystroke Logger: Logs all keystrokes on phishing pages.

    • Automated Form Filler: Auto-populates forms to accelerate testing.

    • Session Cookie Exfiltration: Steals cookies post-authentication.

    • Geo-Spoofing: Fakes geolocation to bypass regional restrictions.

    • WebRTC Fingerprint Spoofing: Disables or spoofs WebRTC to avoid fingerprinting.

    • Input Validation Bypass: Removes client-side form validation (e.g., regex).

    • Dynamic DOM Manipulation: Injects hidden elements (e.g., fake buttons) for manipulation.

    • Screen Resolution Spoofing: Alters screen resolution to evade fingerprinting.

    • Session Timeout Extension: Simulates activity (scrolls/clicks) to extend sessions.

    • Font Fingerprint Spoofing: Spoofs font lists to bypass fingerprinting.

    • CSRF Token Harvesting: Captures CSRF tokens from forms.

    • Fake CAPTCHA Solver: Mimics CAPTCHA solutions to bypass checks.

    • Browser Plugin Spoofing: Fakes browser plugins to evade detection.

    • Data Exfiltration Scheduler: Periodically sends collected data (cookies, logs).

    • Configuring: EvilPUPPET parameters in PHISHLETs + Custom PARM

  3. Creating Professional Phishing Pages: Participants will craft phishing pages mimicking services like Microsoft or Salesforce, ensuring legitimacy to evade suspicion. The module covers integration with EvilGinx Pro PHISHLETs and bypassing bot detection like CAPTCHA.

  4. Using Puppeteer for Automation [NEW]: This section introduces Puppeteer for browser automation within EvilPUPPET. Participants will configure Puppeteer to automate interactions, capture real-time data (credentials, tokens), and streamline phishing workflows.

  5. Corporate Reconnaissance: Participants will master streaming corporate dashboards (e.g., Jira, CRM) via Puppeteer. The module includes GoPhish phishing campaigns ("Urgent task check!"), capturing user actions (scrolling, clicks, inputs), and extracting sensitive data (API keys, PII). MFA bypass via token replay is included.

  6. Session Hijacking: This module focuses on capturing cookies and JWTs through Puppeteer interactions. Participants will replay sessions for unauthorized access, bypassing 2FA (push/OTP), and gaining entry to banking or admin panels.

  7. Custom Phishing Configurations: Participants will create tailored setups in config.js and EvilGinx PHISHLETs. Examples for popular services ensure adaptability and optimized user experience to avoid detection.

  8. Custom Anti-Fingerprinting Configurations [NEW]: Participants will bypass browser fingerprinting by spoofing user-agents, canvas fingerprints, WebGL, and headers to mimic legitimate browsers. Techniques to evade Cloudflare and advanced bot detection are covered.

  9. Process Automation [NEW]: Participants will automate phishing workflows using Puppeteer scripts for data harvesting, cron jobs for scheduling, and API integration for real-time processing. Automation of lure delivery and session replay is included.

  10. Evading Detection and Ensuring Anonymity: Participants will master stealth: zero disk footprint, HTTPS, domain fronting, VPNs/TOR, temporary domains, and proxies to hide infrastructure and minimize traces.

  11. Setting up GoPhish for Campaign Management: Participants will install and configure GoPhish, integrating it with EvilPUPPET for large-scale phishing. The module covers campaign creation, multi-target management, and result analysis.

  12. Advanced EvilPUPPET Modifications [NEW MODULE]: This module explores cutting-edge customizations:

    • Browser Language Spoofing: Spoofs language settings to bypass localization checks.

    • Automated Form Submission Detection: Logs form submissions for additional data capture.

    • Mouse Movement Mimicry: Simulates natural mouse movements to evade behavioral analysis.

    • Audio Fingerprint Spoofing: Alters Web Audio API to bypass fingerprinting.

    • Dynamic Redirect Injection: Inserts hidden redirects to manipulate victim navigation.

Application for Training:

  • Telegram: @EvilWhales

  • Tox: 340EF1DCEEC5B395B9B45963F945C00238ADDEAC87C117F64F46206911474C61981D96420B72

  • Pricing:

    • $200 / Basic [ includes: training, recording, support ]

    • $300 / Premium [ includes: training, EvilPUPPET Modifications, Puppeteer, Anti-Fingerprinting, Automation, PHISHLETs, advanced modifications, support, recording ]
