Hello everyone! Today, I will discuss a tool called Modlishka, a reverse proxy that proves useful in phishing during red team engagements. I won’t delve into the setup details for Modlishka, as there are more comprehensive blogs available for that purpose. Instead, I’ll focus on patching response headers and adding specific cookies to each request, an aspect I couldn’t find covered anywhere on the internet.
Basics
Modlishka operates on the principle of a reverse proxy, acting as middleware, eliminating the need to create a specific template for phishing. The following diagram provides a summary of Modlishka’s functionality:
Users interact with the spoofed website, and all data flows through Modlishka, acting as a reverse proxy. It forwards the user’s requests to the legitimate website and does the same with the responses. Consequently, users believe they are interacting with a legitimate website, eliminating the necessity for phishing templates.
Adding Cookies
In a specific scenario, a pentester aims to include particular types of cookies in every request being sent. Unfortunately, the wiki page of Modlishka provides limited information on this aspect.
To achieve this particular use case, there isn’t a dedicated parameter or flag. Instead, the solution involves adding specific cookies in the “template.go” file located under the plugins directory.
As you can see, extra cookies can be added using the AddCookie functionality in Golang. To check whether the cookies have been added, we print the cookie values in the terminal. You can refer to the screenshot below.
Patching Headers
Modlishka supports modifying responses through rules in the configuration file, but those rules don’t apply to response headers. Documentation on these scenarios is currently unavailable. To modify, add, or delete a header, you can use the same “template.go” file under the plugins directory. Please refer to the screenshot below for details.
You can see the proof in the browser’s Network tab while the phishing website is loading. Refer to the screenshot below.
Make sure to rebuild the “proxy” binary after making all the code changes. That’s all from my side; I hope you liked the post.
References
Phishing with Modlishka Reverse HTTP Proxy – Red Team Notes (ired.team)
Phishing 101 with Modlishka. 🤘 | by Soumyadeep Basu | Medium
Phishing using reverse proxy Modlishka (3xpl01tc0d3r.blogspot.com)