Modlishka - Flexible and Powerful Reverse Proxy
Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level.
It was realeased with an aim to:
- help penetration testers to carry out an effective phishing campaign and reinforce the fact that serious threat can arise from phishing.
- show current 2FA weaknesses, so adequate security solutions can be created and implemented soon.
- raise community awareness about modern phishing techniques and strategies.
Features
Some of the most important ‘Modlishka’ features :- Support for majority of 2FA authentication schemes (by design).
- No website templates (just point Modlishka to the target domain – in most cases, it will be handled automatically).
- Full control of “cross” origin TLS traffic flow from your victims browsers (through custom new techniques).
- Flexible and easily configurable phishing scenarios through configuration options.
- Pattern based JavaScript payload injection.
- Striping website from all encryption and security headers (back to 90’s MITM style).
- User credential harvesting (with context based on URL parameter passed identifiers).
- Can be extended with your ideas through plugins.
- Stateless design. Can be scaled up easily for an arbitrary number of users – ex. through a DNS load balancer.
- Web panel with a summary of collected credentials and user session impersonation (beta).
- Backdoor free ;-).
- Written in Go.
Post a Comment