
EvilApp – Phishing Attack To Grab Session Cookies (ByPass 2FA)

EvilApp - Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA)


EvilApp is a man-in-the-middle phishing attack that uses an Android app to grab session cookies for any website, which in turn allows an attacker to bypass two-factor authentication (2FA): the stolen cookie represents a session that has already passed the 2FA check. As an example, EvilApp demonstrates the hijacking and injection of cookies for authenticated Instagram sessions.
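A defender's view of the cookie replay described above, as an added example that is not part of EvilApp or the original post: it binds each session to the client fingerprint seen when 2FA completed and flags later use of the same session ID from a different client. The log format, field names and sample events are constructed assumptions.

```python
# Detect replay of a post-2FA session cookie from a different client.
# Constructed sample events (assumed format):
# (timestamp, session_id, source_ip, user_agent, event)
EVENTS = [
    ("2020-03-01T10:00:02Z", "s-1001", "203.0.113.10",
     "Mozilla/5.0 (Linux; Android 10) Mobile", "login_2fa_ok"),
    ("2020-03-01T10:00:40Z", "s-1001", "203.0.113.10",
     "Mozilla/5.0 (Linux; Android 10) Mobile", "request"),
    # Same session ID, now presented by a different IP and browser.
    ("2020-03-01T10:03:11Z", "s-1001", "198.51.100.77",
     "Mozilla/5.0 (X11; Linux x86_64) Firefox/68.0", "request"),
    ("2020-03-01T10:05:00Z", "s-2002", "192.0.2.5",
     "Mozilla/5.0 (Windows NT 10.0) Chrome/80.0", "login_2fa_ok"),
    ("2020-03-01T10:06:30Z", "s-2002", "192.0.2.5",
     "Mozilla/5.0 (Windows NT 10.0) Chrome/80.0", "request"),
    # Session ID used with no recorded authentication in the log window.
    ("2020-03-01T10:09:00Z", "s-3003", "192.0.2.99", "curl/7.68.0", "request"),
]


def find_replayed_sessions(events):
    """Return alerts as (timestamp, session_id, reason, source_ip)."""
    bound = {}   # session_id -> (ip, user_agent) seen when 2FA completed
    alerts = []
    # ISO-8601 UTC timestamps sort chronologically as plain strings.
    for ts, sid, ip, ua, event in sorted(events):
        if event == "login_2fa_ok":
            bound[sid] = (ip, ua)
        elif sid not in bound:
            alerts.append((ts, sid, "no_login_seen", ip))
        elif (ip, ua) != bound[sid]:
            login_ip, login_ua = bound[sid]
            changed = [name for name, now, then in
                       (("ip", ip, login_ip), ("user_agent", ua, login_ua))
                       if now != then]
            alerts.append((ts, sid, "fingerprint_changed:" + "+".join(changed), ip))
    return alerts


if __name__ == "__main__":
    # An IP change alone is common on mobile networks, so treat an alert as
    # a trigger for step-up re-authentication rather than an automatic block.
    for alert in find_replayed_sessions(EVENTS):
        print(alert)
```

Server-side, the same binding can be enforced at request time by invalidating the session and requiring 2FA again when the fingerprint changes.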

Legal disclaimer:
Usage of EvilApp for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

Android Studio

Tested on Kali Linux 2020.1 x64:

# git clone https://github.com/thelinuxchoice/EvilApp
# cd EvilApp
# bash evilapp.sh

Author: https://github.com/thelinuxchoice/EvilApp
Twitter: https://www.twitter.com/linux_choice

About the author

Mazen Elzanaty



  • Hello PT, I am a pentester, student and hacktivist for 10 years, your website is very good!! I’m from Brazil. Have EvilApp and droidfiles been banned? They left GitHub. They are very recent. Can you make them available? Thank you for sharing so much knowledge.
    Thank you!!!
