Modlishka

Modlishka implements an entirely new and interesting approach of handling browser-based HTTP traffic flow, which allows to transparently proxy multi-domain destination traffic, both TLS and non-TLS, over a single domain, without a requirement of installing any additional certificate on the client. Modlishka can be currently used to: Support ethical phishing penetration tests with a transparent and automated reverse proxy component that has a universal 2FA “bypass” support. Automatically poison HTTP 301 browsers cache and permanently hijack non-TLS URLS. Diagnose and hijack browser-based applications HTTP traffic from the "Client Domain Hooking" attack perspective. Wrap legacy websites with TLS layer, confuse crawler bots and automated scanners, etc.