New Penetration Testing Tool Able to Bypass 2FA Security
A Polish security researcher recently came out with a new penetration testing tool called Modlishka which is reportedly capable of automating phishing attacks and bypassing 2 factor authentication with ease.
Modlishka, which was developed by Piotr Duszyński, is a modified reverse proxy that can handle traffic meant for login pages and phishing operations.
Modlishka works by serving the user authentic content from a legitimate site, but all user interactions are recorded on its server. Once attackers are on hand to collect 2FA tokens in real-time, they can use them to log into victims’ accounts and establish new and legitimate sessions.