Posted by
We all try to secure our all online accounts and social media accounts and we turn on the Two-Factor Authentication or Two-Step Verification. Then we think that we are now safe. Sometimes we check a phishing page with the wrong password. But Modlishka can bypass Two-factor authentication (2FA).
What is Modlishka?
Modlishka, a reverse proxy automated advanced phishing tool which is written in the Go language. It is called the most powerful and ferocious phishing tool ever created. This tool can perform an advance level of phishing. Modlishka can easily bypass two-factor authentication running on Gmail, YahooMail, RadiffMail, Facebook etc and catch the credentials like username, password, two-factor authentication token.
The best thing of Modlishka is this tool doesn’t require any saved phishing page or templates to perform phishing. It uses a reverse proxy to open the website live.
How Modlishka Works?
Modlishka works on both social engineering and MITM (Man-In-The-Middle) attack technique. Modlishka server stays between the target website and victim and acts as a proxy for the victim. The requests are sending from the victim and target website passes through Modlishka server. Just like the following picture:
That’s why Modlishka can easily grab the username and passwords given by the user and the authentication token it also can capture the sessions and cookies between user and website. the attacker can also use them to make a web session.
In this process, the user will not even realize for a moment that the account was stolen. That’s why Modlishka is a very dangerous tool.
Modlishka is very easy to set up that makes this tool more dangerous. To be safe from this tool we need to check the link we are clicking very carefully, and it will use a third-party SSL certificate, suppose someone sends a phishing link of Gmail using Modlishka then this phishing site will not have Google’s SSL certificate.
Be aware and try to not click in any links.
How to Set up Modlishka in Kali Linux
This tool is written in Golang. We need to install Golang in our Kali Linux system. Apply the following command in terminal.
apt-get install golangThe screenshot is following:
After installing Golang we need to set our GOPATH, this is just like we set the path for Java. We will do this using the following command:
export GOPATH=$HOME/goThe screenshot is following
Let we check that our path ‘go’ is set in the root directory or not, to check this we type the following command:
echo $GOPATHThe screenshot is below:
We can see in the screenshot that or go directory is under the root directory. Yes, it’s perfect.
After setting the path we need to download Modlishka from Github to do this we are going to use the following command:
go get -u github.com/drk1wi/ModlishkaRemember that we didn’t use https or www before the GitHub link and this command will not show how much percentage we downloaded it will download total tool, we need to wait sometime here the screenshot is following:
Then we need to go to the downloaded folder by using the command:
cd root/go/src/github.com/drk1wi/ModlishkaThe output of the command is below
Now we can compile Modlishka but before compiling this we generate the SSL certificate, here we configure in localhost but we also can use our registered domain (Homograph will better ) and SSL certificate here.
First of all, we generate an RSA private key by applying the following command:
openssl genrsa -out MyCA.key 2048We can use any name of the key file.
Here is the screenshot of the command:
In the next, we are going to generate SSL certificate. The command is the following:
openssl req -x509 -new -nodes -key MyCA.key -sha256 -days 1024 -out MyCA.pemThe screenshot is following.
In the information field section, we can use any fake information. Feel this looks like target domains SSL information.
Now we can check our SSL certificate and key using ls command:
lsThe following screenshot shows us the key file(MyCA.key) and the certificate(MyCA.pem):
Now we open the key file in leafpad using the following command:
leafpad MyCA.keyAnd copy the whole text then close it, we use Ctrl+A to select all and Ctrl+C to copy the whole thing.
After copy the key we need to paste it in autocert.go file in the plugin directory
open this with leafpad text editor applying the following command:
leafpad plugin/autocert.go
Paste the key in the place of the PASTE_YOUR_CA_CERT_KEY_HERE. We will remember that our key will inside of ‘ ‘. See the following screenshot:
Save and close it and then we will copy and paste our SSL certificate. Use the following command to copy the certificate.
leafpad MyCA.pemThe screenshot is following:
We will copy the whole thing and paste in the autocert.go file. Let’s again open the file in leafpad text editor by using the following command:
leafpad plugin/autocert.goThen paste it in the place of PASTE_YOUR_CA_CERT_HERE . The screenshot is following:
Save and close autocert.go file.
Yah we all set up now we are going to compile Modlishka using following command.
makeIf we did everything well then it will look like the following screenshot.
Now we can check the options by applying the command
./dist/proxy -hThe screenshot of the command is below
Then we configure a target website for phishing. By default, Modlishka uses google’s domain as target. Use the command to change the target domain.
nano templates/google.com_gsuite.jsonThe screenshot of the command is below:
Before running Modlishka we need to import our custom SSL certificates in our browser. If we use a registered domain then we don’t need to do this cause in that case we use an original SSL certificate.
So open a firefox web browser and go to
Prefernces > Advanced > Certificates > View Cretificates > Import
Then select the MyCA.pem file in the directory root/go/src/github.com/drk1wi/Modlishka
The screenshot is following:
Now we are all set to start Modlishka server. We did not change the configuration file so we start using the following command :
./dist/proxy -config templates/google.com_gsuite.jsonThen the tool will be started in our localhost. The screenshot of Modlishka is following :
Modlishka is started now go to firefox browser and we go to the https://www.loopback.modlishka.io and this will open Google.com in live mode.
Now go to the login page and try to log in with a fake password or 2 factors authenticate.
This is a great tool, isn’t it? Write your thoughts in the comment section.
Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.
Spyboy blog 