New reverse proxy tool Modlishka

You can Bypass Two-Factor Authentication and Automate Phishing Attacks by New Reverse Proxy Tool call Modlishka.
A Polish cybersecurity researcher has released a tool called Modlishka designed for pen testers
The tool will help the pentesters, but may also facilitating the APT Groups in phishing

Modlishka Feature:

  • Phishing tool that bypasses Gmail 2FA
  • Support for majority of 2FA authentication schemes
  • Support for majority of 2FA authentication schemes (by design).
  • No website templates (just point Modlishka to the target domain - in most cases, it will be handled automatically).
  • Full control of "cross" origin TLS traffic flow from your victims browsers (through custom new techniques).
  • Flexible and easily configurable phishing scenarios through configuration options.
  • Pattern based JavaScript payload injection.
  • Striping website from all encryption and security headers (back to 90's MITM style).
  • User credential harvesting (with context based on URL parameter passed identifiers).
  • Can be extended with your ideas through plugins.
  • Stateless design. Can be scaled up easily for an arbitrary number of users - ex. through a DNS load balancer.
  • Web panel with a summary of collected credentials and user session impersonation (beta).
  • Written in Go.

Modlishka Github:


Popular posts from this blog

zimbra some services are not running [Solve problem]

Bash script list all IP addresses connected to Server

How to install php7 on centos 6