This PoC should not be adapted to the production systems.
LEGITIMATE_HOSTto the actual domain you are going to host this application on.
SECRET_KEYto some random value.
docker-compose up --build
- Setup Modlishka/evilginx2 instance pointing to the original site and check if fraud will be detected after logging in.