3.3.0 - Go & Phish

Go & Phish - Official Gophish integration released!

You can learn more about this update in the official blog post: https://breakdev.org/evilginx-3-3-go-phish/

CHANGELOG

• Feature: Official GoPhish integration, using the fork: https://github.com/kgretzky/gophish
• Feature: Added support to load custom TLS certificates from a public certificate file and a private key file stored in ~/.evilginx/crt/sites/<hostname>/. Will load fullchain.pem and privkey.pem pair or a combination of a .pem/.crt (public certificate) and a .key (private key) file. Make sure to run without -developer flag and disable autocert retrieval with config autocert off.
• Feature: Added ability to inject force_post POST parameters into JSON content body (by @yudasm_).
• Feature: Added ability to disable automated TLS certificate retrieval from LetsEncrypt with config autocert <on/off>.
• Feature: Evilginx will now properly recognize origin IP for requests coming from behind a reverse proxy (nginx/apache2/cloudflare/azure).
• Fixed: Infinite redirection loop if the lure URL path was the same as the login path defined in the phishlet.
• Fixed: Added support for exported cookies with names prefixed with __Host- and __Secure-.
• Fixed: Global unauth_url can now be set to an empty string to have the server return 403 on unauthorized requests.
• Fixed: Unauthorized redirects and blacklisting would be ignored for proxy_hosts with session: false (default) making it easy to detect evilginx by external scanners.
• Fixed: IP address 127.0.0.1 is now ignored from being added to the IP blacklist.
• Fixed: Added support for more TLDs to use with phishing domains (e.g. xyz, art, tech, wiki, lol & more)
• Fixed: Credentials will now be captured also from intercepted requests.