# EvilPUPPET The EvilPUPPET course equips participants with advanced skills in leveraging EvilPUPPET , a Node.js-based MITM proxy using Puppeteer for real-time phishing, session hijacking, and corporate reconnaissance. The course emphasizes stealth, automation, and bypassing modern defenses, covering the following key aspects: 1. **Deployment**\ Participants will explore EvilPUPPET architecture and functionality. The module covers cloning the repository, installing Node.js and dependencies, and configuring `config.js` (target URL, port, SSL certificates). 2. **Modifications and Improvements of** EvilPUPPET **\[EXPANDED MODULE]**\ This module dives deep into customizing EvilPUPPET through source code modifications, performance optimization, and new feature integration. Will address limitations (e.g., text field syncing, iframe issues) and enhance Puppeteer integration for advanced attacks. Key topics include: * Auto-Creds Logger: Real-time capture of login credentials from POST requests. * 2FA Push Replay: Intercepts OTP/push tokens for bypassing two-factor authentication. * Canvas Fingerprint Spoof: Alters canvas data to evade Cloudflare fingerprinting. * Auto-Screenshot Scheduler: Captures screenshots every 3 seconds for reconnaissance. * Dynamic User-Agent Spoofing: Randomizes User-Agents to mimic legitimate browsers. * Real-Time Keystroke Logger: Logs all keystrokes on phishing pages. * Automated Form Filler: Auto-populates forms to accelerate testing. * Session Cookie Exfiltration: Steals cookies post-authentication. * Geo-Spoofing: Fakes geolocation to bypass regional restrictions. * WebRTC Fingerprint Spoofing: Disables or spoofs WebRTC to avoid fingerprinting. * Input Validation Bypass: Removes client-side form validation (e.g., regex). * Dynamic DOM Manipulation: Injects hidden elements (e.g., fake buttons) for manipulation. * Screen Resolution Spoofing: Alters screen resolution to evade fingerprinting. * Session Timeout Extension: Simulates activity (scrolls/clicks) to extend sessions. * Font Fingerprint Spoofing: Spoofs font lists to bypass fingerprinting. * CSRF Token Harvesting: Captures CSRF tokens from forms. * Fake CAPTCHA Solver: Mimics CAPTCHA solutions to bypass checks. * Browser Plugin Spoofing: Fakes browser plugins to evade detection. * Data Exfiltration Scheduler: Periodically sends collected data (cookies, logs). * Configuring: EvilPUPPET parameters in PHISHLETs + Custom PARM, 3. Creating Professional Phishing Pages\ Participants will craft phishing pages mimicking services like Microsoft or Salesforce, ensuring legitimacy to evade suspicion. The module covers integration with EvilGinx Pro PHISHLETs and bypassing bot detection like CAPTCHA. 4. Using Puppeteer for Automation **\[**NEW**]**\ This section introduces Puppeteer for browser automation within EvilPUPPET . Participants will configure Puppeteer to automate interactions, capture real-time data (credentials, tokens), and streamline phishing workflows. 5. Corporate Reconnaissance\ Participants will master streaming corporate dashboards (e.g., Jira, CRM) via Puppeteer. The module includes GoPhish phishing campaigns ("Urgent task check!"), capturing user actions (scrolling, clicks, inputs), and extracting sensitive data (API keys, PII). MFA bypass via token replay is included. 6. Session Hijacking\ This module focuses on capturing cookies and JWTs through Puppeteer interactions. Participants will replay sessions for unauthorized access, bypassing 2FA (push/OTP), and gaining entry to banking or admin panels. 7. Custom Phishing Configurations\ Participants will create tailored setups in `config.js` and EvilGinx PHISHLETs . Examples for popular services ensure adaptability and optimized user experience to avoid detection. 8. Custom Anti-Fingerprinting Configurations **\[**NEW**]**\ Participants will bypass browser fingerprinting by spoofing user-agents, canvas fingerprints, WebGL, and headers to mimic legitimate browsers. Techniques to evade Cloudflare and advanced bot detection are covered. 9. Process Automation **\[**NEW**]**\ Participants will automate phishing workflows using Puppeteer scripts for data harvesting, cron jobs for scheduling, and API integration for real-time processing. Automation of lure delivery and session replay is included. 10. Evading Detection and Ensuring Anonymity\ Participants will master stealth: zero disk footprint, HTTPS, domain fronting, VPNs/TOR, temporary domains, and proxies to hide infrastructure and minimize traces. 11. Setting up GoPhish for Campaign Management\ Participants will install and configure GoPhish , integrating it with EvilPUPPET for large-scale phishing. The module covers campaign creation, multi-target management, and result analysis. 12. **Advanced** EvilPUPPET **Modifications**** \[**NEW MODULE**]**\ This module explores cutting-edge customizations: * **Browser Language Spoofing**: Spoofs language settings to bypass localization checks. * **Automated Form Submission Detection**: Logs form submissions for additional data capture. * **Mouse Movement Mimicry**: Simulates natural mouse movements to evade behavioral analysis. * **Audio Fingerprint Spoofing**: Alters Web Audio API to bypass fingerprinting. * **Dynamic Redirect Injection**: Inserts hidden redirects to manipulate victim navigation. **Application for Training**: * Telegram: @cfs0x * Tox: 340EF1DCEEC5B395B9B45963F945C00238ADDEAC87C117F64F46206911474C61981D96420B72 * Pricing: * $200 / Basic \[ includes: training, recording, support ] * $400/ Premium \[ includes: training, EvilPUPPET Modifications, Puppeteer, Anti-Fingerprinting, Automation, PHISHLETs , advanced modifications, support, recording ] --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://rproxylab.gitbook.io/evilginx-lab-by-cfs0x/getting-started/education/evilpuppet.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.