New Tool Automates Phishing Attacks That Bypass 2FA

A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA). From a report: Named Modlishka --the English pronunciation of the Polish word for mantis -- this new tool was created by Polish researcher Piotr Duszynski. Modlishka is what IT professionals call a reverse proxy, but modified for handling traffic meant for login pages and phishing operations. It sits between a user and a target website -- like Gmail, Yahoo, or ProtonMail. Phishing victims connect to the Modlishka server (hosting a phishing domain), and the reverse proxy component behind it makes requests to the site it wants to impersonate. The victim receives authentic content from the legitimate site --let's say for example Google -- but all traffic and all the victim's interactions with the legitimate site passes through and is recorded on the Modlishka server.

Re:Useful tool, but you still have to get past PKI

[DarkOx]

Except that I am not going to hijack slashdot.org I am going to attempt to con you into going to slashdit.org instead. Which I will proxy to slashdot.org's login page so you don't think anything is wrong. You will most likely go ahead and authenticate (and I'll sniff the cookies along the way). I know you want give the URL a second look either because thanks to Google nobody displays address bars anymore. So if you click my initial link I totally own you.

Oh and mysite will have TLS and valid certificate too because LetsEncrypt is completely irresponsible and will robo sign anything domain you control even if its a totally obvious look-a-like phishing domain.