Navigation
Recherche
|
New Tool Automates Phishing Attacks That Bypass 2FA
mercredi 9 janvier 2019, 19:50 , par Slashdot
A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA). From a report: Named Modlishka --the English pronunciation of the Polish word for mantis -- this new tool was created by Polish researcher Piotr Duszynski. Modlishka is what IT professionals call a reverse proxy, but modified for handling traffic meant for login pages and phishing operations. It sits between a user and a target website -- like Gmail, Yahoo, or ProtonMail. Phishing victims connect to the Modlishka server (hosting a phishing domain), and the reverse proxy component behind it makes requests to the site it wants to impersonate. The victim receives authentic content from the legitimate site --let's say for example Google -- but all traffic and all the victim's interactions with the legitimate site passes through and is recorded on the Modlishka server.
Read more of this story at Slashdot.
rss.slashdot.org/~r/Slashdot/slashdot/~3/0OfLetqj_AI/new-tool-automates-phishing-attacks-that-bypass...
|
56 sources (32 en français)
Date Actuelle
ven. 22 nov. - 07:38 CET
|