Modlishka

Modlishka is a MITM proxy to bypass 2FA, enabling transparent multi-domain TLS traffic over a single domain without client certificates.

Visit Website Share on X

Visit Website

Introduction

Modlishka is a penetration testing tool functioning as a man-in-the-middle proxy. It transparently proxies multi-domain TLS/non-TLS traffic over a single domain, bypassing many 2FA implementations.

Key Features:

Universal 2FA Bypass: Supports a wide range of 2FA schemes.
Transparent Proxying: Proxies HTTP and HTTPS traffic without requiring client-side certificate installation.
Client Domain Hooking: Implements the Client Domain Hooking attack.
JavaScript Injection: Allows pattern-based JavaScript payload injection.
Stateless Design: Enables easy scaling for handling large traffic volumes.
Plugin Support: Extensible through modular plugins.

Use Cases:

Ethical phishing penetration tests.
Wrapping legacy websites with TLS.
Credential harvesting.
Web session impersonation.

Back

Information

Publisher
Admin
Websitegithub.com
Created date08/07/2025
Published date08/07/2025

More Resources

AI SecurityApplication SecurityExploit DevelopmentReverse EngineeringRed Team OperationsAPI Security

Visit Website

Raptor

Details

Autonomous security research framework that turns Claude Code into an agent for adversarial code analysis, fuzzing, and exploit generation.

AI Static Analysis

Exploit DevelopmentInfrastructure SecurityRed Team Operations

Visit Website

IronPE

Details

Rust-based Windows PE manual loader supporting x86/x64. Implements manual mapping, base relocations, and import resolution for memory-based execution.

Internal