New reverse proxy tool Modlishka
You can Bypass Two-Factor Authentication and Automate Phishing Attacks by New Reverse Proxy Tool call Modlishka.
A Polish cybersecurity researcher has released a tool called Modlishka designed for pen testers
The tool will help the pentesters, but may also facilitating the APT Groups in phishing
Modlishka Github: https://bit.ly/2RxKEGw
Source: https://ibm.co/2AQRsF2
A Polish cybersecurity researcher has released a tool called Modlishka designed for pen testers
The tool will help the pentesters, but may also facilitating the APT Groups in phishing
Modlishka Feature:
- Phishing tool that bypasses Gmail 2FA
- Support for majority of 2FA authentication schemes
- Support for majority of 2FA authentication schemes (by design).
- No website templates (just point Modlishka to the target domain - in most cases, it will be handled automatically).
- Full control of "cross" origin TLS traffic flow from your victims browsers (through custom new techniques).
- Flexible and easily configurable phishing scenarios through configuration options.
- Pattern based JavaScript payload injection.
- Striping website from all encryption and security headers (back to 90's MITM style).
- User credential harvesting (with context based on URL parameter passed identifiers).
- Can be extended with your ideas through plugins.
- Stateless design. Can be scaled up easily for an arbitrary number of users - ex. through a DNS load balancer.
- Web panel with a summary of collected credentials and user session impersonation (beta).
- Written in Go.
Modlishka Github: https://bit.ly/2RxKEGw
Source: https://ibm.co/2AQRsF2
Comments
Post a Comment