Modlishka
Modlishka takes phishing campaigns to the next level. It is a flexible and powerful reverse proxy that provides a high level of automation for phishing attacks.
The aim of Modlishka is to do the following:
- Help penetration testers carry out an effective phishing campaign to show that phishing is a serious threat
- Look at current two-factor authentication (2FA) weaknesses and highlight these so that solutions can be put in place
- Raise awareness about phishing techniques
What is unique about Modlishka is that there is no need for templates. In other social engineering tools, you would need to use a template, or even build your own. Modlishka works as a reverse proxy, so the target website itself is opened live.
Some of the main features of Modlishka are as follows:
- Support for most 2FA schemes
- No need to create a website template—all you need to do is point Modlishka to the target domain
- Full control of the cross-origin TLS traffic flow from the target's browser
- Phishing scenarios are easily configurable and flexible
- Ability to use pattern-based JavaScript payload injection
- Ability to strip the encryption and security headers
- Credential harvesting
- Support of plugins
The installation of Modlishka requires the Go language. Go is an open-source programming language developed by Google. Its syntax is similar to that of scripting languages, which makes it easy to build simple, reliable, and efficient software.
We will cover the installation of Modlishka later in this chapter.