Download
Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow, which allows to transparently proxy of multi-domain destination traffic, both TLS and non-TLS, over a single domain, without the requirement of installing any additional certificate on the client. What exactly does this mean? In short, it simply has a lot of potential, that can be used in many use case scenarios. Modlishka was written as an attempt to overcome standard reverse proxy limitations and as a personal challenge to see what is possible with sufficient motivation and a bit of extra research time. The achieved results appeared to be very interesting and the tool was initially released and later updated.
Features
- Support ethical phishing penetration tests with a transparent and automated reverse proxy component that has a universal 2FA “bypass” support
- Automatically poison HTTP 301 browsers cache and permanently hijack non-TLS URLS
- Diagnose and hijack browser-based applications HTTP traffic from the "Client Domain Hooking" attack perspective
- Wrap legacy websites with TLS layer, confuse crawler bots and automated scanners, etc.
- Highlight currently used two factor authentication (2FA) scheme weaknesses, so adequate security solutions can be created and implemented by the industry
- Support other projects that could benefit from a universal and transparent reverse proxy
Project Samples
