removing EvilNgix2 indictors from the default installation:

Tool link: https://github.com/kgretzky/evilginx2

Change headers

Evilginx adds the X-Evilginx header 3 times in the code (!)

Change the bytes in here (they decode to X-Evilginx)

https://github.com/kgretzky/evilginx2/blob/master/core/http_proxy.go#L350

And in here: https://github.com/kgretzky/evilginx2/blob/master/core/http_proxy.go#L562

And here: https://github.com/kgretzky/evilginx2/blob/master/core/http_proxy.go#L1457

You can see the decode here:

https://go.dev/play/p/iOXekn8LxKI

Change thumbnail

Evilginx default thumbnail is Rick Roll youtuve video, change this…

https://github.com/kgretzky/evilginx2/blob/master/core/config.go#L73

Credit:

https://outpost24.com/blog/Better-proxy-than-story

https://www.blackhillsinfosec.com/wp-content/uploads/2021/03/SLIDES_OPSECFundamentalsRemoteRedTeams-1.pdf