Modlishka CLI

Description: A powerful and flexible HTTP reverse proxy

Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow, which makes it possible to transparently proxy multi-domain destination traffic, both TLS and non-TLS, over a single domain, without a requirement of installing any additional certificate on the client. What does this exactly mean? In short, it simply has a lot of potential that can be used in many use case scenarios...

From the security perspective, Modlishka can currently be used to:

- Support ethical phishing penetration tests with a transparent and automated reverse proxy component that has a universal 2FA "bypass" support.
- Automatically poison HTTP 301 browsers cache and permanently hijack non-TLS URLs.
- Diagnose and hijack browser-based applications HTTP traffic from the "Client Domain Hooking" attack perspective.
- Wrap legacy websites with TLS layer, confuse crawler bots and automated scanners, etc.
- TBC

Modlishka was written as an attempt to overcome standard reverse proxy limitations and as a personal challenge to see what is possible with sufficient motivation and a bit of extra research time. The achieved results appeared to be very interesting and the tool was initially released and later updated with the aim to:

- Highlight currently used two factor authentication (2FA) scheme weaknesses, so adequate security solutions can be created and implemented by the industry.
- Support other projects that could benefit from a universal and transparent reverse proxy.
- Raise community awareness about modern phishing techniques and strategies and support penetration testers in their daily work.

Modlishka was primarily written for security related tasks. Nevertheless, it can be helpful in other, non-security related, usage scenarios.

Efficient proxying !

Features

Some of the most important 'Modlishka' features:

General:

- Point-and-click HTTP and HTTPS reverse proxying of an arbitrary domain/s.
- Full control of "cross" origin TLS traffic flow from your users browsers (without a requirement of installing any additional certificate on the client).
- Easy and fast configuration through command line options and JSON configuration files.
- Pattern based JavaScript payload injection.
- Wrapping websites with an extra "security": TLS wrapping, authentication, relevant security headers, etc.
- Stripping websites from all encryption and security headers (back to 90's MITM style).
- Stateless design. Can be scaled up easily to handle an arbitrary amount of traffic - e.g. through a DNS load balancer.
- Can be extended easily with your ideas through modular plugins.
- Automatic test TLS certificate generation plugin for the proxy domain (requires a self-signed CA certificate).
- Written in Go, so it works basically on all platforms and architectures: Windows, OSX, Linux, BSD supported...

Security related:

- Support for majority of 2FA authentication schemes (out of the box).
- Practical implementation of the "Client Domain Hooking" attack. Supported with a diagnostic plugin.
- User credential harvesting (with context based on URL parameter passed identifiers).
- Web panel plugin with a summary of automatically collected credentials and one-click user session impersonation module (proof-of-concept/beta).
- No website templates (just point Modlishka to the target domain - in most cases, it will be handled automatically without any additional manual configuration).

Proxying In Action (2FA bypass)

"A picture is worth a thousand words":

https://vimeo.com/308709275

QPKG INTEGRATION

- add Modlishka to NAS $PATH on installation
- use command line (no automatic startup or preconfiguration)

    [~] # Modlishka -h
    Usage of Modlishka:
      -cert string
            base64 encoded TLS certificate
      -certKey string
            base64 encoded TLS certificate key
      -certPool string
            base64 encoded Certification Authority certificate
      -config string
            JSON configuration file. Convenient instead of using command line switches.
      -credParams string
            Credential regexp with matching groups. e.g. : baase64(username_regex),baase64(password_regex)
      -debug
            Print extra debug information
      -disableSecurity
            Disable proxy security features like anti-SSRF. 'Here be dragons' - disable at your own risk.
      -dynamicMode
            Enable dynamic mode for 'Client Domain Hooking'
      -forceHTTP
            Strip all TLS from the traffic and proxy through HTTP only
      -forceHTTPS
            Strip all clear-text from the traffic and proxy through HTTPS only
      -jsRules string
            Comma separated list of URL patterns and JS base64 encoded payloads that will be injected - e.g.: target.tld:base64(alert(1)),..,etc
      -listeningAddress string
            Listening address - e.g.: (default "")
      -log string
            Local file to which fetched requests will be written (appended)
      -plugins string
            Comma separated list of enabled plugin names (default "all")
      -postOnly
            Log only HTTP POST requests
      -proxyDomain string
            Proxy domain name that will be used - e.g.: proxy.tld
      -rules string
            Comma separated list of 'string' patterns and their replacements - e.g.: base64(new):base64(old),base64(newer):base64(older)
      -target string
            Target domain name - e.g.: target.tld
      -targetRes string
            Comma separated list of domains that were not translated automatically. Use this to force domain translation - e.g.: static.target.tld
      -terminateTriggers string
            Session termination: Comma separated list of URLs from target's origin which will trigger session termination
      -terminateUrl string
            URL to which a client will be redirected after Session Termination rules trigger
      -trackingCookie string
            Name of the HTTP cookie used for track the client (default "id")
      -trackingParam string
            Name of the HTTP parameter used to set up the HTTP cookie tracking of the client (default "id")

TIP ME !!

Your gratitude and finance will help me to continue integration of this QPKG and maintain up to date versions.
Creator: QoolBox
