Search the Community

[HIDE][Hidden Content]] Introduction Modlishka is a very powerful Reverse Proxy tool that allows you to run phishing campaigns. It can be very useful to all pentesters since Modlishka is able to show current 2FA weaknesses (bypass 2FA protection on popular websites: Gmail, Yahoo, etc.) and help you find and implement adequate security solutions. Disclaimer: This tool is made only for educational purposes and can be only used in legitimate penetration tests. Author does not take any responsibility for any actions taken by its users. Modlishka: Powerful Reverse Proxy, Phishing NG, Bypassing 2FA Modlishka is written in Go and it allows you to carry out an effective phishing campaign. In addition, according to the official docu, you can adjust the configuration for your chosen domain. This reverse proxy tool can be easily customized through a set of available command line options or JSON configuration files. Modlishka tool is able to trick 2FA systems by collectiing 2FA tokens, without using fake templates (you just need to point to the target domain). To start pentesting/ phishing with Modlishka, all you need is TLS certificate and phishing domain. Modlishka v.1.1.0 Evolved Released! This release contains many bug fixes, improvements and redesign in comparison to the previous version. Among the most interesting features in this release you will find: practical implementation of the \u201eClient Domain Hooking\u201d attack. [Hidden Content] improved transparent proxying for both HTTP/HTTPS/mixed traffic HTTP TLS stripping HTTP TLS website wrapper (in case you need to secure your website). From the usage perspective it is important to take into account that Modlishka will listen on both 80(HTTP) and 443(HTTPS) ports by default from now on. Parametr names have also changed (please consult the help output for details). Updated WIKI will follow shortly.