# Config FLAG to send captured credentials to GoPHISH

By default, Evilginx does not send session information to Gophish. This is on purpose not to expose credentials and keep them in Evilginx only. Nevertheless, having credentials readily available in Gophish could be a nice feature to have everything in the dashboard, provided Gophish's admin interface is properly secured (behind a firewall for instance). I made it an opt-in feature to keep the default behavior.

Default behavior (or after `config gophish sessions false` in Evilginx' terminal):

<figure><img src="/files/b69yrrDLwuWbmsLx4Pwq" alt=""><figcaption></figcaption></figure>

After `config gophish sessions true` in Evilginx' terminal:

<br>

<figure><img src="/files/lTgXlXIX8LzBW6CEpM1Q" alt=""><figcaption></figcaption></figure>

The feature takes into account all three types of credentials (username, password and custom) and all three types of auth\_tokens (cookies, body and HTTP tokens).

NB: Actually displaying session info in Gophish requires the ability for Gophish to receive session information (see kgretzky/gophish#1).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://rproxylab.gitbook.io/evilginx-lab-by-cfs0x/basics/modified-extensions/config-flag-to-send-captured-credentials-to-gophish.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.