Understanding phish_sub vs orig_sub in Evilginx YAML: Do They Need to Match?

Evilginx
, ,
1

In the FluxxSet video (https://www.youtube.com/watch?v=Zr_oImAiDJk), at timestamp 12:32, he sets different phish_sub values like www2, www3, and mentions that repeating phish_sub values are not allowed.

I’d like to clarify:

  • Can I assign any phish_sub value to a given orig_sub, or does it have to match the original subdomain?

  • Or if the same subdomain (e.g., secure.login) appears more than once under the same second-level domain (SLD), is it necessary to append a number (e.g., secure.login2, secure.login3) to avoid conflicts?

1 Like
2

there is no need to match with orignal subdomain , u can add anyting just make sure that its unique and not clashing with other phish domain

1 Like