Exploitation Tools

EvilApp – Phishing Attack To Grab Session Cookies (ByPass 2FA)

May 25, 2020

1 Min Read

EvilApp - Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA)

Mazen Elzanaty MazenElzanaty MazenElzanaty MazenElzanaty

[sc name=”ad_1″]

Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows to bypass 2-factor authentication protection. EvilApp brings as an example the hijacking and injection of cookies for authenticated instagram sessions.

Legal disclaimer:
Usage of EvilApp for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

Requirement:
Android Studio

Tested on Kali Linux 2020.1 x64:

# git clone https://github.com/thelinuxchoice/EvilApp
# cd EvilApp
# bash evilapp.sh

Author: https://github.com/thelinuxchoice/EvilApp
Twitter: https://www.twitter.com/linux_choice

Download EvilApp

[sc name=”ad-in-article”]

Tags2FA android App Attack Bypass Cookies EvilApp Grab phishing Session Website

About the author

Mazen Elzanaty

2 Comments

Click here to post a comment

Cancel reply

QueBeccity says:

July 5, 2020 at 12:24 AM

Hello PT, iam pentester study and hackativis for 10 years, your website is very good!! I’m from Brazil. This EvilAPP and droidfiles been banned? left the github. They are very recent.Can you make it available? Thank you for sharing so much knowledge
Thank you!!!

Reply
- Mazen says:
  
  July 5, 2020 at 7:10 AM
  
  I’ll try to find a fork or something
  
  Reply

OhMyQR – Hijack Services That Relies On QR Code Authentication

Locator – Geolocator, Ip Tracker, Device Info By URL (Serveo And Ngrok)