Evilginx on DigitalOcean

Nate

Quick Installation Guide

Background:
An Adversary-in-the-Middle (AiTM) attack is one in which a threat actor intercepts communication between two parties, often to capture sensitive data such as login credentials, session cookies, or other authentication tokens. Unlike traditional man-in-the-middle (MiTM) attacks, AiTM targets authenticated sessions directly, enabling attackers to bypass multi-factor authentication (MFA) by hijacking session cookies rather than attempting to steal usernames and passwords alone.
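How the cookie hijack described above can look from the defending service's side, as an added example that is not part of the original post: a session that passed MFA on one client is later presented from a different IP address and user agent. The log schema, field names and sample events are assumptions constructed for illustration.

```python
import json

# Constructed sample events. The JSON-lines schema (ts, user, session, event,
# ip, ua) is hypothetical and chosen for this example only.
SAMPLE_LOG = """
{"ts": "2024-05-01T09:00:02Z", "user": "alice", "session": "s-1001", "event": "mfa_success", "ip": "198.51.100.20", "ua": "Firefox/125 Linux"}
{"ts": "2024-05-01T09:00:09Z", "user": "alice", "session": "s-1001", "event": "request", "ip": "198.51.100.20", "ua": "Firefox/125 Linux"}
{"ts": "2024-05-01T09:01:00Z", "user": "bob", "session": "s-1002", "event": "mfa_success", "ip": "192.0.2.10", "ua": "Safari/17 macOS"}
truncated-line-without-json
{"ts": "2024-05-01T09:20:00Z", "user": "bob", "session": "s-1002", "event": "request", "ip": "192.0.2.55", "ua": "Safari/17 macOS"}
{"ts": "2024-05-01T09:31:40Z", "user": "alice", "session": "s-1001", "event": "request", "ip": "203.0.113.7", "ua": "Chrome/124 Windows"}
{"ts": "2024-05-01T09:31:44Z", "user": "alice", "session": "s-1001", "event": "request", "ip": "203.0.113.7", "ua": "Chrome/124 Windows"}
"""

def parse_events(text):
    """Parse JSON-lines events, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(ev, dict):
            events.append(ev)
    return events

def find_replayed_sessions(events):
    """Flag sessions later used by a client other than the one that passed MFA.

    Both IP and user agent must differ, which cuts noise from users who only
    change networks. This is a heuristic signal, not proof of compromise.
    """
    origin = {}      # session id -> (ip, ua) recorded at mfa_success
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        sid = ev["session"]
        if ev["event"] == "mfa_success":
            origin.setdefault(sid, (ev["ip"], ev["ua"]))
        elif sid in origin and origin[sid] is not None:
            o_ip, o_ua = origin[sid]
            if ev["ip"] != o_ip and ev["ua"] != o_ua:
                findings.append({"user": ev["user"], "session": sid,
                                 "mfa_ip": o_ip, "later_ip": ev["ip"], "ts": ev["ts"]})
                origin[sid] = None  # report each session once
    return findings

if __name__ == "__main__":
    for finding in find_replayed_sessions(parse_events(SAMPLE_LOG)):
        print(finding)
```

In the constructed data only alice's session is flagged; bob's session changes IP but keeps the same user agent, so it is treated as a network change.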

Evilginx is a server-based tool, though, and it has to be reachable from wherever your phishing email lands, so cloud hosting is the natural choice. For this guide, we’ll use DigitalOcean as an affordable way to get up and running quickly.

To start, you’ll obviously need a DigitalOcean account. If you haven’t already, head to the link below to sign up.

https://cloud.digitalocean.com/registrations/new

Once signed up, we want to create what DigitalOcean calls a “Droplet” — essentially a scalable virtual private server (VPS) that provides compute power and storage to run applications, websites, and other server-based workloads in the cloud.

DigitalOcean doesn’t provide us with a Kali droplet, so we’ll want to use Debian and install the tools necessary to make it work.

1. Create a Debian Droplet

Version: 12 x64 (or latest)
Type: Basic
Storage: Basic (SSD) is all we need for this
Select the storage size and price point that best suits your needs

2. Set Up a Domain Name

Go to the droplet page and select “console” in the top right corner

I chose to use Namecheap to purchase my domain name.
Regardless of where you get one though, make sure you point the domain name to your droplet by adding the correct nameservers:

In DigitalOcean select Networking -> Domains, and add your domain. Make sure you select the project that your Debian droplet is in.

Under DNS settings point your domain name to your Debian droplet:

You’ll want to add any subdomains that you might use here as well.

3. Install Kali tools on the Debian instance

Launch the console for your Debian droplet using the “console” button on the droplet’s main page:

While we could manually install all of the necessary tools to run Evilginx, I believe it is a little easier to just install it from the Kali repository, so we’ll need to add it to our sources list -> /etc/apt/sources.list

Here is what it should show:

deb http://kali.download/kali kali-rolling main non-free contrib

Run this command to quickly add it (note that > replaces the existing contents of the file):

echo 'deb http://kali.download/kali kali-rolling main non-free contrib' > /etc/apt/sources.list

Add the Kali apt key

wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-keyring.asc

If you don’t have wget installed, simply run apt-get install wget

Update packages

sudo apt update
sudo apt upgrade
sudo apt install kali-defaults

Add a standard user

useradd -m -G sudo -s /bin/bash kaliuser
passwd kaliuser

This is recommended so you’re not constantly running under root privileges.

4. Configure DNS

If Evilginx doesn’t have access to port 53, you’ll receive the error “Failed to start nameserver on port 53”.

To prevent that from happening, we need to do a quick DNS setup using the resolved.conf file, so that the systemd-resolved stub listener no longer occupies port 53.

sudo nano /etc/systemd/resolved.conf

Uncomment the DNS=, FallbackDNS= and DNSStubListener= lines and set them to these values:

[Resolve]
DNS=1.1.1.1
FallbackDNS=8.8.8.8
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=no
DNSStubListener=no
#ReadEtcHosts=yes

To save the file (if you’re in nano), press Ctrl + x, then type y and press Enter.

Next, create a symbolic link between /run/systemd/resolve/resolv.conf and /etc/resolv.conf.

sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

REBOOT!

5. Install Evilginx!

To Install:

sudo apt install evilginx2

To run:

evilginx2

And that’s it! You now have Evilginx installed on DigitalOcean.

A guide on using Evilginx from this setup point is coming soon.

Nate

Dad | Information Security Analyst | Financial Sector | Hacker