Modlishka
Modlishka is a flexible and powerful reverse proxy, which will take your phishing campaigns to the next level.
It was released with a purpose:
Help the penetration testers to execute an effective phishing campaign, and strengthen the fact that phishing can pose a serious threat.
Show current 2FA vulnerabilities, so adequate security measures can be prepared and implemented soon.
Increasing community awareness about modern phishing techniques and strategies
Support other open source projects for which a universal reverse proxy is required.
Features:
Some of the most important 'Modaliska' features:
Support for the majority of 2FA certification schemes (by design).
A website template (Modalisca only for the target domain - in most cases, it will be automatically controlled).
Full control of the "cross" original TLS traffic flow from your victim browsers (via custom new technologies)
Flexible and easily configurable phishing scenarios through configuration options
Pattern based JavaScript payload injection.
Stripping website with all encryption and security headers (back to the 90's MITM style).
User credential harvesting (based on reference parameters identified with URL parameters)
Through plugins can be extended with your ideas.
Stateless Design An arbitrary number of users can be easily extended - the former. Through the DNS load balanceor.
Web panels with summaries of collected credentials and user session impersonation (beta)
Backdoor ;-)
Written in Go.
An example: In the action against the 2FA (SMS) enabled authentication scheme, Modaliska:
Comments
Post a Comment
If you have any query, please let us know