This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.

Summary

DS-1317
Modlishka
External Tool
External Data Source
GitHub
Unknown
Unknown
55 (lowest rank is 55)

Category & Restrictions

Other
cyber attack
Unrestricted
true

Description


Modlishka is a powerful and flexible HTTP reverse proxy.

Modlishka implements an entirely new and interesting approach of handling browser-based HTTP traffic flow, which allows to transparently proxy multi-domain destination traffic, both TLS and non-TLS, over a single domain, without a requirement of installing any additional certificate on the client.

Modlishka can be currently used to:

Support ethical phishing penetration tests with a transparent and automated reverse proxy component that has a universal 2FA "bypass" support.
Automatically poison HTTP 301 browsers cache and permanently hijack non-TLS URLS.
Diagnose and hijack browser-based applications HTTP traffic from the "Client Domain Hooking" attack perspective.
Wrap legacy websites with TLS layer, confuse crawler bots and automated scanners, etc.

Additional Details

2.3MB
false
Unknown
cybercrime, web browser, spamming, computer memory, interactive media, proxy server, cryptographic protocol, communication protocol, world wide web, application layer protocols, key management, transport layer security, external data source, memory management, network performance, servers, touchscreens, computer architecture, modlishka, browser, internet protocol, 1317, multi touch, workgroup, phishing, uniform resource identifier, website, cache, hypertext transfer protocol clients, hypertext transfer protocol, public key certificate, internet privacy, inferlink corporation, e commerce, internet security, cyberwarfare, secure communication, history of computing, digital media, communication software, reverse proxy, cyberattack