Modlishka is a penetration testing tool functioning as a man-in-the-middle proxy. It transparently proxies multi-domain TLS/non-TLS traffic over a single domain, bypassing many 2FA implementations.

Key Features:
- Universal 2FA Bypass: Supports a wide range of 2FA schemes.
- Transparent Proxying: Proxies HTTP and HTTPS traffic without requiring client-side certificate installation.
- Client Domain Hooking: Implements the Client Domain Hooking attack.
- JavaScript Injection: Allows pattern-based JavaScript payload injection.
- Stateless Design: Enables easy scaling for handling large traffic volumes.
- Plugin Support: Extensible through modular plugins.

Use Cases:
- Ethical phishing penetration tests.
- Wrapping legacy websites with TLS.
- Credential harvesting.
- Web session impersonation.