Modlishka — Advanced Phishing | Bypass Two Factor Authentication

Oh my god it really works

Nice post,it helps me alot,keep it up !!

Good job buddy

Super-duper hit tutorial

Wow….really working tutorial

It's grate tool

yah..its a grate tool.. thanks for this info

Como realizo la configuración para enviar el link al usuario final?

Cual seria el link a enviar?

Por favor explicar cual seria el link para enviar para enviar por correo ?

Gracias por tu valioso comentario. Si está utilizando WAN con un dominio registrado y certificados SSL, puede enviar el enlace a cualquier formulario, como correo o SMS o redes sociales. He discutido algunas buenas técnicas en el último de este post. lea todo (lo siento, no sé español, escribí esto con la ayuda del traductor de Google)

Gracias por tu valioso comentario maestro. En este tutorial usé una conexión LAN, lo que significa que solo funciona para aquellos que se conectaron a nuestra red. ¿Cómo enviar el enlace? oh simplemente sms

How to freessl cert for this ,

When i am run… proxy..then show that permission denite

try with sudo tthen command .. Kali updated to non root user. thats why this error comes.. try sudo bfore your command.

Please help I can't seem to install golang on my Kali Linux 2020.2, I've tried using sudo still no avail. Please help me!!!

You can try to install Golang manually. Check our most resent article. Keep visiting. Thanks

Great tutorial, it helped me!
But I have a question, this was to try on our own LAN but what if we want to send the link to another person? Can we do it using a free domain host?

This is not made for hosting as a website. A simple solution is we can use ngrok or portmap services to make it accessible via internet.

I have done all the setting you mentioned but i am getting problem on last step which means after i am putting the command "./dist/proxy -config templates/google.com_gsuite.json". By opening gmail it is showing as "This browser or app may not be secure". Then i used different website other than gmail to login but getting a error of "tls handshake error from 127.0.0.1 eof".

I am using Kali linux 2020.1 with firefox quantum 68.2 version.

Let us check these issues and give us some time to try these things. We will get back to you on couple of days. Thanks

Thank you so much and i am waiting for your solution.

Hi we have asked your question to Modlishka developers. They answered "check if the tool is listening on all ports and you will have to create your own certificate to get rid of the remaining tls related warnings.". You can check our conversions here

Thank you so much brother! will not forget your help. I will try to correct myself.

Hi, thanks for the effort, I got stuck when opening the autocert.go it didnt show the code so I can paste the key in; the window was an empty text editor with no code, am I doing anything incorrectly?
Thank you!

modlishka failed to downlod and its not available in github.

modlishka failed to downlod and its not available in github.

It's in the same place https://github.com/drk1wi/Modlishka

It's in the same place https://github.com/drk1wi/Modlishka

how??pls explain i also want to know that pls perefer ngrok

@kiddiee We don't suggest ngrok. We suggest to use portmap.

hello really appreciate ur work do u mind telling how to use ngrok token or portmap please.feel free to drop a mail to muhasheikh8@gmail.com

We have tutorial for Portmap, you can check it. Or you can learn it easily form Goggle search or Youtube. Thanks.

How can I get leafpad ? I can't create the key without it

Leafpad is a text editor of Gnome Environment. After Kali new update it got xfce. mousepad is also good editor. Simply you can replace "leafpad" to "mousepad".

can I pay you to install this for me on laptop still struggling contact me john.lu2477@gmail.com

Im getting stuck at " ls" and "leafpad MyCA.key" am I suppose to open up a new Kali Linux tab ?

We don't accept money from our readers. You can ask here (comment section) for any kind of problems we will try to help you. Thanks

something is wrong with this part

" cd root/go/src/github.com/drk1wi/Modlishka/
-bash: cd: root/go/src/github.com/drk1wi/Modlishka/: No such file or directory "

This file system was for previous version of Kali, now you need to use newer file system where root user is not default and xfce. You need to choose your own non-root user and those file system and folders.

how can i log into my instagram account, i lost my phone which I used for two factor authentication, whenever i try to login, instagram sends me security code to my phone number, which i lost,…. can any hody help me to get my account back

Get another SIM card with the same number. Your problem is solved. Using Modlishka we can trick user to bypass two-step verification, but if anyone don't know this we can't use phishing technique.

HI I installed modlishka and everything seems to be working fine apart from one issue i face:
If i try to log in from firefox its telling me couldnt sign you in after just enterring the email address and pressing next.
In chrome after putting the email address and pressing next i get the message cookies disabled.
i aready checked the browser settings cookies are all allowed and i even added the link in the cookie list just to see, but same problem.

Do i need to adjust anything in the json file or where could my problem be ?
Any help would be much appriciated

This happens with us also. We have seen in this problem happens with lots of people.
You can check this issue on modlishka repository. But the developers didn't replayed. Did this happens with only Google?

Thats also my problem the developer seems to have disappeared as he hasn't replied to any of the post there.
At this stage I only checked with google cause that was my main reason to look into this program now im currently searching for another one which would give me the same benefits as modlishka.
I think I will check it with other sides aswell to see if it is only google or more, cause that would actually indicate at least in the direction were we need to look at.
I couldn't find any other (active) side whos still dealing with modlishka they all got tutorials, but when it comes to people who need assistance they all seem to have disappeared unfortunately….

Yap. We need their assistance. If you found anything please tell us. Thanks.

I have exactly the same problem. Tried it with mousepad, got an error: 'Unable to init server: could not connect: connection refused' GtK warming: IP adress: cannot open display. How do we fix this?

Its showing ssh not installed

It is simple. It means you need to install ssh. Try following commands on terminal:

sudo apt update
sudo apt install openssh-server

That's all. Hope this help you. Thanks.

Tool still working?

Give it a try. We seriously don't know much about now.

i can't impoer certificate into firefox please help, can you teach how to change target domain

go this step , i cannot run commands : cd root/go/src/github.com/drk1wi/Modlishka

someone help me
my telegram @harrychung
thanks

Please read carefully you will be able to generate firefox certificates. This article is older so the options in firefox may be moved to other places. But you can find them easily.

Thanks.

someone help me
after I run the command:
./dist/proxy -config templates/google.com_gsuite.json
I got the following error:!!! Error unmarshalling JSON configuration (templates/google.com_gsuite.json): invalid character 'x' looking for beginning of value . Terminating.
someone help me
thank you

You just have to copy and paste the cert and key to the autocert.go and "make". no need to add any 'n' chars. no need to add anything to json after this. autocert generates certificates on its own.

I got also the error this browser or app not secure
how can solve it?

Should I edit the template json with address and port? and how edit it?
thanks

Modlishka admin solved this. But We don't know why they don't make it public. Here you can see what the creator of Modlishka said on GitHub.

I was able to make my private key but when I run "make" it says go.mod file not found. Where can I find this file? Thank you

This seems problem in your 'go'. Make sure that you have updated version of go. Then start everything from the very beginning.

When I run make. Here is what I got. Please help.
make: *** No targets specified and no makefile found. Stop.

Please run ls command and make sure that there is file named "makefile". I think you didn't properly cloned the Modlishka repository from GitHub. Thanks.

Firefox can’t establish a connection to the server at www.loopback.modlishka.io.

Any solution to this??

How did you generate the certificate? remember that CA certificate goes to the autocert plugin (used for testing), while the final certificate (that should be also signed by a trusted CA) is set in the json file

Nice fake replies to your own post lol, even spelled "great" wrong in the same way…

!!! x509: malformed certificate . Terminating. that is the response i keep getting

This is somewhat of a bug in pre-1.17 behavior, but poses a question about what we should do in the post-1.17 parser. The pre-1.17 parser ignores the class of the ASN.1 tag for each name, meaning it accepts tags with the correct context-specific tag, but invalid class bits, such as in this case (from your example the full tag is 0x06, so the class bits are 000, and the tag is 0x06). This means we attempt to parse a random OID as a URI, which is obviously wrong, and throws an error.

In the post-1.17 parser we are more strict, validating that the class bits are correct for the tag, ignoring the strange entries in the SubjectAltName. This is, I believe, the correct behavior.

This does pose a question though, we currently accept entries in the SEQUENCE OF which contain both context-specific tags >8, the highest tag specified in RFC 5280, and invalid class bits. It may be prudent, and catch cases like this, to throw an error when we hit these cases, since they are not spec compliant. Since crypto/x509 explicitly targets the web PKI, it seems acceptable to refuse to accept these types of malformed certificates, which while may be acceptable elsewhere, are invalid according to the rules of RFC 5280.