EvilGinx BARRACUDA Web Control

Automation of analysis, campaign management, visualization (map, statistics), integration with GoPhish.

EvilGinx Web Control is a web interface for monitoring, analyzing, and managing sessions in EvilGinx, a framework for MITM phishing. The panel allows red team operators to track captured credentials, cookies, and tokens, bypassing MFA.

Key functions

Monitoring of Captured Sessions

Description: The central table on the main page displays all captured sessions in real time. Every 5 seconds, the table is updated via the polling API (fetchSessions), showing new sessions.

Usage: Viewing real-time data for attack analysis. The red team can track the success of phishing and identify the victim by IP/device. Functions: sorting (sortTable by column), filtering (filterTable by search and type), CSV export (showExportAlert with timer; exportTable generates the file "sessions_YYYY-MM-DD.csv").

Attack Statistics (Statistics Cards)

Description: Four cards at the top of the page: Total Sessions (total number of sessions from the API), Captured (number of sessions with the status "Captured", filtered by the presence of credentials/tokens), No Capture (sessions without capture, status "No Capture"), Active Users (number of unique IPs from sessions, calculated via Set). The cards are updated every time fetchSessions is called.

Usage: Campaign performance monitoring. The red team can evaluate the reach (Active Users) and success (Captured/Total).

Advantages for the red team: Instant assessment of attack ROI, integration with GoPhish for correlation with the email campaign.

Users By Country

Description: A section with a world map (jsVectorMap based on "world_merc") and a list of countries. The map displays the number of users by country (mapData with a color scale from light to dark) using the location from the API (ioc "Unknown" or GeoIP). The list of countries is shown in a list-group (e.g., "France: 1 user"). Both are updated in fetchSessions, which counts countries from the location field and filters by period (This Month, Last Month, This Year, Last Year) based on session time.

Usage: Analyzing the geography of victims. Hovering over the map shows a tooltip with the number of users.

Advantages for the red team: Visualization for reports, VPN/proxy detection by location/IP mismatch.

Search Sessions

Quick search by credentials, IP, User-Agent, etc. The red team can find sessions by keywords (e.g., "192.168.1.1" or "Chrome").

Advantages for the red team: Acceleration of analysis, focus on specific victims (e.g., by IP from reconnaissance).

Configurations

Description: Menu section for managing the Evilginx configuration. Allows you to view and edit phishlets, lures, config, blacklist, custom redirects, etc.

Integration with the API for downloading current settings (e.g., a list of phishlets from MySQL). YAML phishlet editing forms (proxyHosts, authUrls, forcePost, evilpuppet, etc.).

Advantages for the red team: Centralized campaign management, phishlet testing without restarting EvilGinx.

GoPhish

Description: Integration with GoPhish for sending phishing links (link /gophish). Displays campaigns, templates, and groups from the GoPhish API. Buttons for creating a campaign (choosing phishlet, lure URL), sending emails, and monitoring (clicks, opens, credentials). Synchronization with EvilGinx sessions (the rid from the lure URL is associated with sessions).

Usage: The red team creates a campaign (e.g., "Phishing Test", template with lure URL), sends emails, and tracks it in a table. API for reports (e.g., /api/gophish/campaigns).

Advantages for the red team: Distribution automation, correlation of clicks with captured sessions, reports for awareness training.

Modify

Description: An editor for modifying phishlets/lures (link /modify). Forms for editing YAML (proxyHosts, authUrls, subfilters, forcePost, etc.) and adding custom scripts. Phishlet preview (capture simulation), saving to phishlets/.

Usage: The red team customizes a phishlet (e.g., adds a new token capture), tests it, and applies it. Available buttons: "Save", "Validate YAML", and "Test Capture".

Advantages for the red team: Quick adaptation to the target service, addition of custom fields (e.g., OTP capture).

Support

Description: Support section (link /support). Documentation, FAQ, links to GitHub, and Toolkit updates. Bug reporting form, chat with the community, panel version. Integration with the API for logs (e.g., /api/logs).

Advantages for the red team: Quick access to resources, debugging problems.
