What is Modlishka?

We all try to secure our online accounts and social media accounts, so we turn on Two-Factor Authentication or Two-Step Verification. Then we think that we are now safe. Sometimes we check a phishing page with a wrong password. But Modlishka can bypass two-factor authentication (2FA).

Modlishka is an automated, advanced reverse proxy phishing tool written in the Go language. It is called the most powerful and ferocious phishing tool ever created. This tool can perform an advanced level of phishing. Modlishka can easily bypass two-factor authentication running on Gmail, Yahoo Mail, Rediffmail, Facebook etc. and catch credentials such as the username, password and two-factor authentication token.

The best thing about Modlishka is that the tool doesn't require any saved phishing page or templates to perform phishing. It uses a reverse proxy to open the website live.

How Modlishka Works?

Modlishka works on both social engineering and the MITM (Man-In-The-Middle) attack technique. The Modlishka server stays between the target website and the victim and acts like a proxy for the victim. The requests sent between the victim and the target website pass through the Modlishka server.

That's why Modlishka can easily grab the username and password given by the user and the authentication token. It can also capture the sessions and cookies between the user and the website. An attacker can also use them to make a web session.

In this process the user will not even realize for a moment that the account was stolen. That's why Modlishka is a very dangerous tool.

Modlishka is very easy to set up, which makes this tool more dangerous. To be safe from this tool we need to check the link we are clicking very carefully. The phishing site will also use a third-party SSL certificate: suppose someone sends a phishing link for Gmail using Modlishka, then this phishing site will not have Google's SSL certificate.

Be aware and try not to click on any links.

How to Set up Modlishka in Kali Linux

This tool is written in Golang. We need to install Golang in our Kali Linux system. Apply the following command in the terminal:

apt-get install golang

After installing Golang we need to set our GOPATH, just like we set the path for Java. We will do this using the following command:

export GOPATH=$HOME/go

Let's check whether our 'go' path is set in the root directory. To check this we type the following command:

echo $GOPATH

We can see that our go directory is under the root directory. Yes, it's perfect.

After setting the path we need to download Modlishka from GitHub. To do this we use the following command:

go get -u github.com/drk1wi/Modlishka

Remember that we didn't use https or www before the github link. This command does not show what percentage has been downloaded; it downloads the whole tool, so we need to wait some time.

Then we need to go to the downloaded folder by using the command:

cd /root/go/src/github.com/drk1wi/Modlishka

Now we can compile Modlishka, but before compiling we generate the SSL certificate. Here we configure it on localhost, but we can also use our registered domain (a homograph would be better) and its SSL certificate here.

First of all we generate an RSA private key by applying the following command:

openssl genrsa -out MyCA.key 2048

We can use any name for the key file.

Next we generate the SSL certificate. The command is the following:

openssl req -x509 -new -nodes -key MyCA.key -sha256 -days 1024 -out MyCA.pem

In the information fields we can use any fake information. Fill this in so it looks like the target domain's SSL information.

Now we can check our SSL certificate and key using the ls command, which lists the key file (MyCA.key) and the certificate (MyCA.pem):

ls

Now we open the key file in leafpad using the following command:

leafpad MyCA.key

Copy the whole text, then close it. We use Ctrl+A to select all and Ctrl+C to copy the whole thing.

After copying the key we need to paste it into the autocert.go file in the plugin directory. Open this file with the leafpad text editor by applying the following command:

leafpad plugin/autocert.go

Paste the key in place of PASTE_YOUR_CA_CERT_KEY_HERE. Remember that our key must be inside the ' '.

Save and close it, and then we will copy and paste our SSL certificate. Use the following command to copy the certificate:

leafpad MyCA.pem

We will copy the whole thing and paste it into the autocert.go file. Let's open the file again in the leafpad text editor by using the following command:

leafpad plugin/autocert.go

Then paste it in place of PASTE_YOUR_CA_CERT_HERE. Save and close the autocert.go file.

Now we are all set up, and we can compile Modlishka using the following command:

make

Now we can check the options by applying the command:

./dist/proxy -h

Then we configure a target website for phishing. By default Modlishka uses Google's domain as the target. Use the following command to change the target domain:

nano templates/google.com_gsuite.json

Before running Modlishka we need to import our custom SSL certificate into our browser. If we use a registered domain then we don't need to do this, because in that case we use an original SSL certificate.

So open the Firefox web browser and go to

Then select the MyCA.pem file in the directory /root/go/src/github.com/drk1wi/Modlishka

Now we are all set to start the Modlishka server. We did not change the configuration file, so we start it using the following command:

./dist/proxy -config templates/google.com_gsuite.json

Then the tool will be started on our localhost. Modlishka is started; now go to the Firefox browser and open https://www.loopback.modlishka.io, and this will open Google.com in live mode.

Now go to the login page and try to log in with a fake password or two-factor authentication.

This is a great tool, isn't it? Write your thoughts in the comment section. Thanks for reading this.
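
The advice given earlier, to check the link carefully because a proxied page is served from the proxy operator's own host and certificate rather than Google's, can be applied mechanically before any credentials are entered. The Python check below is an added example, not part of the original post or of Modlishka; the function names, verdict strings and sample links are constructed for illustration, and only the loopback.modlishka.io host is taken from the page.

```python
from urllib.parse import urlsplit

def check_login_link(url, real_domain):
    """Classify a link that claims to lead to real_domain's login page.

    Returns 'ok', 'not-https', 'homograph', 'lookalike' or 'foreign-host'.
    """
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        # Convert Unicode labels to their ASCII (punycode) form so that
        # look-alike characters cannot pass a visual comparison.
        ascii_host = host.encode("idna").decode("ascii")
    except ValueError:               # also covers UnicodeError
        return "foreign-host"        # an unparseable host is never the real site
    if parts.scheme != "https" or not ascii_host:
        return "not-https"           # no https scheme, or no host at all
    # A reverse proxy is reachable only under its operator's own domain, so
    # the real site is exactly real_domain or one of its subdomains.
    if ascii_host == real_domain or ascii_host.endswith("." + real_domain):
        return "ok"
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        return "homograph"
    if real_domain.split(".")[0] in ascii_host:
        return "lookalike"           # brand name placed on someone else's domain
    return "foreign-host"

# Constructed sample links; only the loopback host comes from the page.
SAMPLE_LINKS = [
    "https://accounts.google.com/signin",
    "https://www.loopback.modlishka.io/",
    "https://accounts.google.com.login.example/",
    "https://g\u043e\u043egle.com/ServiceLogin",      # Cyrillic 'o' twice
    "https://accounts.google.com@proxy.example/",     # real name in userinfo only
    "http://accounts.google.com/",
]

def triage(links, real_domain="google.com"):
    """Map every link to its verdict."""
    return {link: check_login_link(link, real_domain) for link in links}

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:13} {link}")
```

Only the first sample link is accepted; every other one resolves to a host outside google.com, which is also the host the browser validates the certificate against.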