Type Here to Get Search Results !

Bypass Two Factor Authentication

 We all try to secure our all online accounts and social media accounts and we turn on the Two-Factor Authentication or Two-Step Verification. Then we think that we are now safe. Sometimes we check a phishing page with wrong password. But Modlishka can bypass Two-factor authentication (2FA).

What is Modlishka?

Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow, which allows to transparently proxy multi-domain destination traffic, both TLS and non-TLS, over a single domain, without a requirement of installing any additional certificate on the client. What does this exactly mean? In short, it simply has a lot of potential, that can be used in many use case scenarios...

From the security perspective, Modlishka can be currently used to:
  • Support ethical phishing penetration tests with a transparent and automated reverse proxy component that has a universal 2FA “bypass” support. 
  • Automatically poison HTTP 301 browsers cache and permanently hijack non-TLS URLS. 
  • Diagnose and hijack browser-based applications HTTP traffic from the "Client Domain Hooking" attack perspective. 
  • Wrap legacy websites with TLS layer, confuse crawler bots and automated scanners, etc. 
  • TBC
Modlishka was written as an attempt overcome standard reverse proxy limitations and as a personal challenge to see what is possible with sufficient motivation and a bit of extra research time. The achieved results appeared to be very interesting and the tool was initially released and later updated with aim to:
  • Highlight currently used two factor authentication (2FA) scheme weaknesses, so adequate security solutions can be created and implemented by the industry. 
  • Support other projects that could benefit from a universal and transparent reverse proxy. 
  • Raise community awareness about modern phishing techniques and strategies and support penetration testers in their daily work.


  • Point-and-click HTTP and HTTPS reverse proxying of an arbitrary domain/s. 
  • Full control of "cross" origin TLS traffic flow from your users browsers (without a requirement of installing any additional certificate on the client). 
  • Easy and fast configuration through command line options and JSON configuration files. 
  • Pattern based JavaScript payload injection. 
  • Wrapping websites with an extra "security": TLS wrapping, authentication, relevant security headers, etc. 
  • Striping websites from all encryption and security headers (back to 90's MITM style). 
  • Stateless design. 
  • Can be scaled up easily to handle an arbitrary amount of traffic - e.g. through a DNS load balancer.
  • Can be extended easily with your ideas through modular plugins. 
  • Automatic test TLS certificate generation plugin for the proxy domain (requires a self-signed CA certificate) Written in Go, so it works basically on all platforms and architectures: Windows, OSX, Linux, BSD supported...

How to Set up Modlishka in Kali Linux

apt-get install golang
export GOPATH=$HOME/go
echo $GOPATH
go get -u github.com/drk1wi/Modlishka
cd root/go/src/github.com/drk1wi/Modlishka/


Yah we all set up now we are going to compile Modlishka using following command


Now we can check the options by applying the command


Post a Comment

* Please Don't Spam Here. All the Comments are Reviewed by Admin.