> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# Evilginx2 — MFA bypass

> Reverse proxy phishing.

# Evilginx2 — MFA bypass

<p className="glossary-answer">Reverse proxy phishing.</p>

**Categoría:** [Phishing & Social](/glosario)

🎯 **Trinchera** — Reverse proxy phishing. Tu dominio sirve la
página real de Microsoft/Google/Okta vía proxy; capturas
credenciales **+ session cookie tras MFA completado**. La
session cookie ya pasó MFA → MFA defeated.

🔗 **Kill chain** — `evilginx2 -p phishlets/` → `phishlets enable
o365` → `lures create o365` → URL phishing → víctima autentica con
MFA → session cookie en consola atacante. Importas la cookie en
navegador → sesión activa de la víctima.

📡 **Huella defensiva** — Sign-in logs de Microsoft Entra:
**campaña de phishing reportada hasta 2025 contra Gmail,
Outlook, Yahoo** ([Abnormal](https://abnormal.ai/blog/cybercriminals-evilginx-mfa-bypass)).
Detección por User Agent + IP del proxy.

⚠️ **Falso amigo** — **Phishing-resistant MFA (FIDO2/passkeys) lo
mata** — el authenticator no firmará para un dominio distinto del
registrado.

🛡️ **Remediación** — Migrar a passkeys/FIDO2 (no SMS/TOTP/push),
Conditional Access con compliant device, Azure Identity Protection
risk-based.

***

← [Volver al glosario completo](/glosario)

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"DefinedTerm","name":"Evilginx2 — MFA bypass","description":"Reverse proxy phishing.","inDefinedTermSet":{"@type":"DefinedTermSet","name":"Glosario táctico de pentesting","url":"https://rootea.es/glosario"},"url":"https://rootea.es/glosario/evilginx2-mfa-bypass"}`}
</script>

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Inicio","item":"https://rootea.es"},{"@type":"ListItem","position":2,"name":"Glosario táctico","item":"https://rootea.es/glosario"},{"@type":"ListItem","position":3,"name":"Evilginx2 — MFA bypass","item":"https://rootea.es/glosario/evilginx2-mfa-bypass"}]}`}
</script>

*Última actualización: 2026-06-11*
