How to break 2 factor Authentication with Modlishka

Modlishka – The Tool That Can Bypass Two-Factor Authentication Via Phishing

While most users consider two-factor authentication a security measure that protects their accounts, a researcher has proved otherwise. As reported, he has developed a penetration testing tool named “Modlishka” and has simply made it available online for easy access. Modlishka can bypass two-factor authentication and automate phishing attacks.

2FA Bypass Using Modlishka Tool

The researcher Piotr Duszyński has developed a pentesting tool named “Modlishka”. The tool can seamlessly handle automated phishing attacks. But what makes it more interesting is the fact that it can get around the two-factor authentication required for account logins. To spice things up, he has released the tool online on GitHub.

As the Polish researcher revealed in his blog post, Modlishka employs a reverse proxy with slight modifications to facilitate phishing attacks. Stating the reason behind the creation of this tool, he said,

“Modlishka was written with an aim to make that second approach (phishing campaigns) as effective as possible. This tool should be very useful to all penetration testers, that want to carry out an effective phishing campaign.”

Not only does Modlishka bypass 2FA, but it also saves user credentials in its backend panel for later access by the attacker. The researcher has explained the procedure for using this tool. He has also shared a video demonstrating Modlishka in action in real time.