Evilginx Phishlet Developer Masterclass (2025)

NEW COURSE LAUNCH SALE: Save 25% OFF!

Use Promo Code: EARLYBIRD25

Evilginx Phishlet Developer Masterclass (2025)

Learn a systematic process of creating, debugging, and programming Evilginx phishlets from scratch. Learn to analyze authentication flows, bypass MFA protections, troubleshoot errors, and deploy advanced reverse-proxy phishing techniques in 2025.

Buy Now

Course Curriculum (All Lessons & Chapters)

Click SHOW MORE to View All Lessons

1. Getting Started: Welcome and Thank You for Joining the Course
2. Student Welcome Survey
3. Why This Phishlet Development Course Was Created and What It Aims to Achieve
4. Phishing in 2025: Current Threat Landscapes, MFA Fatigue and Defensive Measures
5. iPhone Man-in-the-Middle (MitM) Attack - iOS Attack Showcase on Hotel WiFi (Demo)
6. Phishing in 2025: Evilginx, EvilProxy, V3B: Showcasing Reverse Proxy Techniques for Advanced Phishing and Authentication Bypass
7. Evolution of Phishing Tools: Comparing Old-School Phishing vs Reverse-Proxy Methods, Tool Limitations, PyPhisher Technical Demo, and Microsoft Reverse-Proxy Implementation
8. Advanced Phishing Demonstration #1: EvilProxy
9. Advanced Phishing Demonstration #2: V3B Banking Phishing Kit
10. Advanced Phishing Kit Analysis: V3B Banking Phishing Kit
1. Reviewing Phishlets and Their Importance to Reverse-Proxy Phishing
2. Evilginx 3.0 Phishlet Documentation Deep Dive (with Use-Case Examples)
3. JavaScript Injection Techniques: Features, Syntax, Implementation Methods, Strategic Placement, and AI/LLM Integration Considerations
4. JavaScript Fundamentals: Variables, Control Flow, Functions, DOM Manipulation, Event Handling, String Operations, and Regular Expression Implementation
5. (Script) Instagram custom js_inject
6. POST Request Analysis and Technical Implementation of Forcing Post Requests
7. Fidelity Phishlet - Forcing Post Requests on a Banking Login | Fidelity Auth Study: Technical Analysis of Fidelity Implementation in Evilginx 3.3.0
8. Specific Force_Post Use Cases: Basic Auth to Multi-Parameter Handling
9. Advanced Force_Post Techniques: Complex Authentication Flows and Parameter Manipulation Methods
10. (Quiz & Review) Evilginx Phishlet Documentation
1. Fundamentals of YAML Syntax: A Comprehensive Guide To Programming in YAML (YAML Ain't Markup Language™)
2. YAML Basics: A Complete Language Guide with Examples
3. (Quiz & Review) YAML Fundamentals
1. Tools Required for this Course
2. Main Course Visual Studio Code Color Theme
3. Complete Tools and Environment Setup
4. Required Tools + Materials Direct Downloads
5. Compete Server Setup: Creating Fresh Server, Updating System & Evilginx Installation
6. (Code) Fixing Network Configuration & Resolving DNS issues
7. (Code) Quick One-Line VPS Setup for Evilginx3
8. (Optional) Updated GPT Prompt (If content blocking occurs)
9. Best Practices: Root vs. Non-Root Privileges
10. (Optional) How to Fix Nameserver on 53 & Address Already in Use Error
11. (Code) Phishlet Starter Templates
1. Why We Begin With Network Traffic Analysis
2. Sample - POST Request
3. GET Request - Example
4. GET vs POST Requests in Credential Phishing
5. Failure Points for Modern Phishing Attacks (Post Google/Yahoo Updates)
6. (Quiz and Review) Understanding Developer Tools for Network Analysis
1. Fundamentals of HTTP Cookies: Request Headers, Response Headers, Client Storage and Cookie Manipulation
2. How Authentication Works: Understanding Cookies, Session Management, and Token Implementation
3. Understanding HTTP Request/Response: Header Architecture and Cookie Management Through Browser Developer Tools
4. Understanding Cookies Quiz and Review
1. Introduction to Reverse Engineering & User Authentication Flows: Methodology, Analysis Techniques, and Login Flow Architecture
2. Network Architecture Review: Fundamentals of Technical Infrastructure, Protocol Analysis, and Core Networking Concepts
3. HTTP Protocol Deep Dive: Understanding Status Codes, Request Methods, and Network Response Analysis
4. Mastering Developer Tools Like a Pro: The Basics of Web Debuggers & Developer Tools
5. The Developer Tool Deep-Dive with Expert Demonstration (with Hussain)
6. Website Traffic Key Points: Network Tab Techniques, Cookie Investigation, and Traffic Monitoring Methods for Creating Phishlets in Evilginx
7. (Quiz & Review) Web Authentication Analysis & Reverse Engineering: Methodologies, Tools, and Traffic Inspection Techniques
1. RECAP: What We've Learned Up Until This Point
2. Moving Forward in The Course
1. Introduction: A Systematic Approach to Building and Deploying Phishlets
2. Preliminary Domain Analysis: Using urlscan.io to Analyze Target Domains Before Development
3. Customizing Your DevTools: Optimizing Filtering Tab for Network Traffic Analysis
4. Signing Up and Verifying a Test Account for Phishlet Development
5. Filtering Target Domains and Subdomains: Identifying Proxy Hosts and Authentication Traffic (Part 1)
6. Refining Proxy Hosts: Selecting Critical Domains and Session Management (Part 2)
7. Configuring Basic Header Information: Name, Min_Ver, Author, and Proxy Hosts
8. Defining Cookie & Authentication Tokens (auth_tokens): Exporting from Storage Ace and Filtering in Microsoft Excel
9. Finding User Login Credentials: Identifying Username and Password Fields in Network Traffic
10. Defining the Login Path: Assigning the Domain and Authentication Endpoint
11. Phishlet Build Summary and Implementation Walkthrough
1. Analysis of Phishlet Complexity: Understanding L1-L4 Technical Complexity Levels and Advanced Implementation
1. Introduction to Lab #2: Guidelines & Review
2. Snapchat Lab: Methodology & Key Components
3. How Snapchat Enhanced Security and Reduced Costs with Arkose Labs
4. Analyzing Snapchat's Login & MFA Authentication Traffic: Capturing Requests, Identifying Proxy Hosts, and Structuring Data in Excel
5. Adding Blank Subfilters: Configuring Auth_Tokens, Exporting Cookie Data, and Refining Authentication Cookies in Excel
6. Refining Cookie Filtering in Excel, Applying Token Key Modifiers, Reauthenticating into Snapchat, and Identifying the Authentication URL (auth_url)
7. (DOWNLOAD) Snapchat Auth_Tokens Cookie/Token Reference Guide
8. Developing and Validating the Snapchat Login Path: Refining Authentication Flow and Ensuring Phishlet Accuracy Through Iterative Testing
1. Configuring Evilginx 3.0 and Deploying Phishing URL Lures, Setting Hostnames
2. B - Troubleshooting Status Errors/Fallbacks, Testing Incognito Mode, and Modifying Proxy Host Values
3. Resolving Errors: Understanding Dynamic Subfilter Implementation
4. Sub_filters: Leveraging Documentation, Split-Screen Workflow and Coding Initial Subfilters for Proxy Hosts
5. How to use Regular Expressions (regex) in Evilginx & sub_filters: How to Pattern Match for Traffic Filtering and Authentication Handling
6. Finalizing Subfilter Configurations: Resolving 404 Errors and Validating Proxy Host Entries
7. Validating Changes and Retrying the Phishlet: Resolving Major Errors and Generating New Lures for Validation
8. Finalizing the Phishlet: Validating Authentication Flow, Capturing Credentials and Session Tokens, Importing Cookies for MFA Bypass, and Taking Over the User's Account
9. Phishlet Troubleshooting and General Debugging Guide
10. Summary & Key Takeaways from Bypassing Snap's Security Measures with Evilginx
1. Troubleshooting Best Practices: Common Issues, Debugging Methodologies, and Problem-Solving Framework
2. Utilizing the Sources Tab in Developer Tools for Phishlet Debugging
3. Phishlet Troubleshooting and General Debugging Guide
1. Understanding Domain Filtering and Selection: Strategies for Professionals
2. Defining Domain Selection Criteria: Advanced Filtering with Free Enterprise Tools
3. Previewing Techniques in Domain Selection and Filtering (A/B Review)
4. Modern Phishing Domain Filtering Tutorial Part A: Advanced Techniques for Aged Domains and Reputation Management
5. Modern Phishing Domain Filtering Tutorial Part B: Audits of Domain Authority, Backlinks, and Keyword Optimization
6. Avoiding Modern Spam Filters And Land Your Prospect's Inbox (with Tom) - [Spam Checkers, Bots, Automated Filters, Preferences, Google Domains]
1. How We Defend Against Evilginx Phishing Attacks Using Passkeys
2. Defensive Strategies for Evilginx, Murena, Modlishka - Conditional Access Policies and Phishing-Resistant Techniques for Enterprise Security Professionals
3. How To Set Up Yubikey For DoD Websites And Applications
4. Defense Against Evilginx Phishing Attacks Using FIDO2 Passkeys and Entra ID Conditional Access
5. More Resources on Defending Microsoft 365
6. More Resources: Advanced MFA Phishing Threats and Defenses: A Curated Resource Guide
1. Introduction to CAPTCHAs in Reverse Proxy Phishing: Detection Methods and Their Impact on Phishlets
2. (NodeJS) How to Install and Setup Puppeteer with NPM
3. Overcoming CAPTCHA Challenges in Reverse Proxy Phishing: EvilPuppet's Approach to Human Interaction Simulation and Telemetry Manipulation
4. Telemetry Spoofing: Analyzing Browser Fingerprinting, Network Layer Signals, and Behavioral Data Manipulation
5. Advanced User Token Extraction and Injection: How Evilginx Pro Bypasses Secret Token Protections
6. Understanding JA4 Fingerprints
7. Sample Form with ReCAPTCHA
8. Awesome Puppeteer Use Cases
9. Evilginx Community vs. Pro: In-Depth Feature Analysis, Key Differences and Demo Showcase
1. How to Ensuring Persistent Evilginx3 Operations: A Comprehensive TMUX Tutorial for Evilginx and GoPhish
2. A Gentle Guide to TMUX - r/devops
3. Step 1: Using TMUX for Evilginx Session Persistence
4. Step 2: Using TMUX for GoPhish Server Persistence
5. (Code Resource) How to Running TMUX with EvilGoPhish (Evilginx3, GoPhish & EvilGoPhish Live Feed)
1. Exploring Offshore Hosting for Enhanced Anonymity: A Comparative Analysis
2. Top 3 Off-Shore Domain Providers in 2025
3. Ranking Anonymous Domain Registration and Server Hosting Providers: Simpler Hacking Team Rated Solutions (2025)
4. (Optional) Integration of VPNs: Timing, Setup, and Operational Best Practices
5. (Optional) How to use VPN into Your Evilginx Workflow: A General Guide
6. (Optional) Top 3 VPNs - Integrating Anonymous VPNs for Secure and Private Engagements
1. Evilginx2 & Evilginx3 Archived Phishlet Collection (2016-2025)
2. Complete Advanced Persistent Threat (APT) Groups, Operations, and Malware Attribution Collection (2025)
3. Red Teaming Toolkit (Filtered & Updated)
4. Understanding User Privileges in Red Teaming Simulations
5. REGEX Basic Syntax Cheat Sheet
6. Phishing Hostname/Domain Master Keyword List (Download)
7. (2024) Simpler Hacking Webinar Replay: Modlishka-Based Reverse-Phishing Attacks
1. Connect with Simpler Hacking & Stay Updated

Evilginx Phishlet Developer Masterclass (2025)

$199.99
10 hours of video content
Security Course
18 Chapters

Course Previews

Why This Course Was Created

Simpler Hacking has received hundreds of messages about making phishlets for Evilginx based on our popular Evilginx3-Phishlets Repository on Github. Instead of answering each question and request individually, it would be more beneficial for the community to explain how to make phishlets from scratch with an updated and structured framework.

Scripting with .YAML & O365

Why would you teach people something like this? Can't Evilginx be used for bad?

This is common question.

For those concerned about the ethics of hacking tutorials as well as tools such as Evilginx or phishlet scripts, it's not the learning of the skill that's unethical, but the choices made in applying it.

It's like using a hammer – it can be used to build something or to break something. The tool isn't "bad" per say, it’s how you use it that matters. Ethical hacking is using that "hammer" to make things safer, not to cause damage.

Ethical hacking, for example, is a legitimate and necessary practice in improving cybersecurity.

What This Course Focuses On

The main thesis of this course was to create an unfiltered course on the art of creating phishlets for Evilginx that is taught in a way that can be understood and implemented by anyone.

This course teaches Evilginx phishlet programming at a forensic level taught with intent and proper nuance needed to be successful when creating these scripts and deploying them.
You’ll gain hands-on experience with practical examples, tackling challenges like bypassing MFA, advanced programming, and token interception on popular US based companies.
This course fills a gap in reliable resources. It empowers you with the skills to operate at a high level independently, eliminating reliance on unreliable or incomplete guides.
This course speaks directly to programmers who are ready to master Evilginx phishlet creation—from understanding basic concepts to implementing sophisticated customizations. You'll get clear, code-driven examples and nuanced insights.

Who Exactly Is This Course For?

Students Seeking Deep Technical Knowledge: Educational resources related to Evilginx phishlet creation are limited. This course was built for those who want to understand why things work—not just how to make them work.
Those Willing to Commit to the Full Learning Experience: Building phishlets from scratch is not easy without guidance—it requires patience, technical effort, and a commitment to learning. This course is structured to give you a comprehensive understanding of phishlet development, but it demands your time and focus.
For Those Who Want to Elevate Phishing Beyond the Basics: Everybody is stressed about phishing and AI in the hands of cybercriminals obviously isn't helping. At an advanced level, phishing becomes an art form, where the real challenge lies in manipulating the target's trust over a sustained period.
Hackers Focused on Defensive and Offensive Techniques: This course is ideal for hackers who want to understand not only how phishing attacks work but also how to defend against them. An important section of the course includes the methodology of phishing-resistant MFA as well as a full comprehensive tutorial of how to activate/deactivate such protections.
For anyone wanting to learn about MFA phishing and how to think like an attacker.

Creating phishlets is a mixture of programming, logic & web security

With practice, it becomes much easier over time.

This training course will explain my systematic process for coding Evilginx Phishlets from scratch

That way you can make phishlets yourself without any outside intervention or troubleshooting. From proxy_hosts to js_inject.

Understanding each parameter with examples & references for contextual understanding

50% of Simpler Hacking students are outside of the USA, being able to bring a cost-effective solution to this information is important.

Master Creating Phishlets & Advanced Reverse-Proxy Phishing Attacks in 2025

This is a training course made for Hackers & Red Teamers looking to improve their phishing skills and understand how to build custom phishlets that bypass 2025's security measures.

Enroll Now

Trusted by our sponsors

NEW COURSE LAUNCH SALE: Save 25% OFF!

Evilginx Phishlet Developer Masterclass (2025)

Course Curriculum (All Lessons & Chapters)

Intro to Modern Phishing in 2025 | Attack Methodologies: Understanding Evilginx, EvilProxy & V3B Kit Demos

Evilginx Phishlets Documentation Review

Basics of Programming in YAML: (YAML Ain't Markup Language™)

Infrastructure & Tools Setup

Application Network Traffic Analysis 101: Beginner to Expert w/ Developer Tools

User Authentication 101: Understanding Cookies, Auth Tokens, Session Management, Token Architecture, and Implementation Methods

Web Authentication & Reverse Engineering: Methodologies, Tools and Traffic Inspection Techniques with Hussain

What We've Learned So Far!

Building a Custom Phishlet #1 – Hands-On Tutorial for Building and Deploying a Custom Phishlet

Comparing Authentication System Security: Ranking Complexity from Standard Web Logins to Enterprise-Grade Defenses (L1–L4)

Phishlet Lab #2 (Part A): Network Traffic Interception, Session Token Extraction, and Phishlet Architecture Development

Phishlet Lab #2 (Part B): Configuring Subfilter Logic, Authentication Flow Validation, and Deployment Optimization

Debugging and Troubleshoot Phishlets

Going Live & Avoiding the Spam Inbox: How to Select and Filter Domains Like a Pro for Effective Email Deliverability at Scale

Defending Against Modern Reverse-Proxy Phishing – Mitigation Strategies for Modern Attacks

Understanding Evilginx Pro: Puppeteer, EvilPuppet, Advanced Features, Access Guidelines, and Other Considerations

TMUX Tutorial: What It Is, How to Install and Use It with Evilginx

(Requested) Anonymous Infrastructure & VPN Integration: Secure Deployment and Off-Shore Hosting

Bonus Resources - Custom Phishlets, Tool Kits, Email Templates, Course Files, Materials, Streams & Webinars

Conclusion & Next Steps

Evilginx Phishlet Developer Masterclass (2025)

Course Previews

Why This Course Was Created

Why would you teach people something like this? Can't Evilginx be used for bad?

What This Course Focuses On

Who Exactly Is This Course For?

Creating phishlets is a mixture of programming, logic & web security

This training course will explain my systematic process for coding Evilginx Phishlets from scratch

Master Creating Phishlets & Advanced Reverse-Proxy Phishing Attacks in 2025

Trusted by our sponsors