# EvilGinx BARRACUDA Web Control

<figure><img src="/files/Dn6cutl4HRCdb7JyGTGu" alt=""><figcaption></figcaption></figure>

<mark style="color:red;">**EvilGinx Web Control**</mark> - is a web interface for monitoring, analyzing, and managing sessions in EvilGinx, a framework for MITM phishing. The panel allows red team operators to track captured credentials, cookies, and tokens, bypassing the MFA.

<h3 align="center"><strong>Key functions</strong></h3>

<mark style="color:$warning;">**Monitoring of captured Sessions:**</mark>

Description: The central table on the main page displays all captured sessions in real time. Every 5 seconds, the table is updated via the polling API (fetchSessions), showing new sessions.

Usage: Viewing real-time data for attack analysis. Red team can track the success of phishing, identify the victim by IP/device. Functions: sorting (sortTable by column), filtering (filterTable by search and type), CSV export (showExportAlert with timer, exportTable generates the file "sessions\_YYYY-MM-DD.csv").

#### <mark style="color:$warning;">**Attack Statistics (Statistics Cards)**</mark>

**Description**: Four cards at the top of the page: Total Sessions (total number of sessions from the API), Captured (number of sessions with the status "Captured", filtered by the presence of credentials/tokens), No Capture (sessions without capture, status "No Capture"), Active Users (number of unique IP from sessions, calculated via Set). It is updated every time fetchSessions is called.

**Usage**: Campaign performance monitoring. The Red team can evaluate the reach (Active Users) and success (Captured/Total).

**Advantages for the red team**: Instant assessment of the ROI attack, integration with GoPhish for correlation with the newsletter.

<mark style="color:$warning;">**Users By Country**</mark>

**Description**: A section with a world map (jsVectorMap based on "world\_merc") and a list of countries. The map displays the number of users by country (mapData with a color scale from light to dark) using the location from the API (ioc "Unknown" or GeoIP). The list of countries in the list-group (e.g., "France: 1 user"). Updated in fetchSessions: counting countries from location, filtering by period (This Month, Last Month, This Year, Last Year) based on session time.

**Usage**: Analyzing the geography of victims. Hover on the map shows the tooltip with the number of users. .

**Advantages for the red team**: Visualization for reports, VPN/proxy detection by location/IP mismatch.

<mark style="color:$warning;">**Search Sessions**</mark>

Quick search by credentials, IP, User-Agent, etc. The Red team can find sessions by keywords (e.g., "192.168.1.1" or "Chrome").

Advantages for the red team: Acceleration of analysis, focus on specific victims (e.g., by IP from reconnaissance).

<mark style="color:$warning;">**Configurations**</mark>

**Description**: Menu section for managing the Evilginx configuration (configurations). Allows you to view/edit phishlets, lures, config, blacklist, custom redirects, e.t.c.

Integration with the API for downloading current settings (e.g., a list of phishlets from MySQL). YAML phishlet editing forms (proxyHosts, authUrls, forcePost, evilppupet, e.t.c.)

**Advantages for the red team**: Centralized campaign management, phishlet testing without restarting EvilGinx.

<mark style="color:$warning;">**GoPhish**</mark>

**Description**: Integration with GoPhish for sending phishing links (link /gophish). Displays campaigns, templates, and groups from the GoPhish API. Buttons for creating a campaign (choosing phishlet, lure URL), sending emails, monitoring (clicks, openings, credentials). Synchronization with EvilGinx sessions (rid from lure URL is associated with sessions).

**Usage**: Red team creates a campaign (e.g., "Phishing Test", template with lure URL), sends emails, tracks it in a table. API for reports (e.g., /api/gophish/campaigns).

**Advantages for the red team**: Distribution automation, correlation of clicks with captured sessions, reports for awareness training.

<mark style="color:$warning;">**Modify**</mark>

**Description**: An editor for modifying phishlets/lures (link /modify). Forms for editing YAML (proxyHosts, authUrls, subfilters, forcePost, e.t.c.), adding custom scripts. Phishlet preview (capture simulation), saving to phishlets/.

**Usage**: Red team customizes phishlet (e.g., add new token capture), tests, applies. The "Save", "Validate YAML", and "Test Capture" buttons.

**Advantages for the red team**: Quick adaptation to the target service, the addition of custom fields (e.g., OTP capture).

<mark style="color:$warning;">**Support**</mark>

**Description**: Support section (link /support). Documentation, FAQ, links to GitHub, and Toolkit updates. Bug reporting form, chat with the community, panel version. Integration with the API for logs (e.g., /api/logs).

**Advantages for the red team**: Quick access to resources, debugging problems.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://rproxylab.gitbook.io/evilginx-lab-by-cfs0x/getting-started/evilginx-barracuda-web-control.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.