Red TeamingJan Kahmen3 min read

Phishing with Flexible HTTP Reverse Proxy

An HTTP reverse proxy can be used to improve phishing simulations by switching between the client and the target server.

Table of content

What is an HTTP Reverse Proxy?

A flexible HTTP reverse proxy is a network service or software application that acts as an intermediary between a client and one or more backend servers. It receives requests from clients and forwards them to the corresponding server, exchanging the endpoints of the communication so that the clients do not have to communicate directly with the servers. In contrast to a classic proxy, which is normally configured for a specific protocol, such as HTTP, a flexible HTTP reverse proxy can be configured for various protocols and is therefore more versatile.

Phishing Using HTTP Reverse Proxy

An HTTP reverse proxy can be used to improve phishing simulations by switching between the client and the target server. This allows the communication to be read and manipulated. The victim then interacts with the original site and receives valid data back when using the site. A reverse proxy is particularly suitable for bypassing the 2FA.

phishing-reverse-proxy-attack

Source: Example: How to Steal Information with Reverse Proxy Phishing

The Phishing Reverse Proxy Modlishka

Modlishka is a powerful and flexible HTTP reverse proxy. It uses an innovative approach to manage HTTP traffic in the browser and can route traffic from multiple domains, both TLS and non-TLS, through a single domain. No additional installation of a certificate on the client is required.

The potential of Modlishka can be Divided into the Following Use Cases:

  • Identifying weaknesses in two-factor authentication (2FA) so that appropriate security solutions can be developed and implemented.
  • Supporting other security-related projects that could benefit from a flexible reverse proxy.
  • Raising awareness of modern phishing techniques and strategies among the developer community and supporting Red Teams in their daily work environment.

Conclusion

Overall, an HTTP reverse proxy is a useful tool that can be used for a variety of purposes, including improving phishing simulations and supporting security projects. It is important to be aware of the potential for abuse and to take appropriate security measures to prevent it.

Contact

Curious? Convinced? Interested?

Schedule a no-obligation initial consultation with one of our sales representatives. Use the following link to select an appointment:

Arrange appointment