Hacking Tools

Modlishka – An Open Source Phishing Tool With 2FA Authentication

Modlishka is a go based phishing proxy that takes your phishing campaigns to the next level. The main feature that makes it different from the other phishing tools, is that it supports 2FA authentication. It is easy to configure with great flexibility that allows the attacker to control all the traffic from a target’s browser.

Installing Modlishka

To install Modlishka, download the repo from github with ‘go get’ as shown below.

go get -u github.com/drk1wi/Modlishka

After that go inside the ‘go’ folder and run the make file depending on your OS.

cd $GOPATH/go/src/github.com/drk1wi/Modlishka/

That’s it.

Running Modlishka

To run the proxy go to the ‘dist’ folder and run the script.

cd dist/

./proxy -h

We see many different options. You can create your own SSL certification using ‘openssl‘ to make the phishing campaign more trustworthy. Also, consider registering a domain name. There are also options to bypass some security measures such as anti-SSRF. In our example we will keep it simple and run it against a facebook domain.

Simply run the command below against a site target to see the proxy in action. The phisingDomain option needs to be changed to suit your needs. If you want to use the ‘loopback.modlishka.io‘ as shown below you have to change the ‘index.html‘ file inside your apache folder(/var/www/) to fit the template you need.

./proxy -target https://facebook.com -phishingDomain loopback.modlishka.io -listeningPort 80

After that you need to go in the control panel to see all the credentials you got. Type this in your browser.


Click to comment

You must be logged in to post a comment Login

Leave a Reply

To Top

Pin It on Pinterest

Share This