
Invalid IP address & redirect

Open Florablia opened this issue 1 year ago • 1 comments

Describe the bug: When accessing the proxy domain, Modlishka gives a warning "Illegal IP address found", and then redirects to another domain.

Expected behavior: When accessing the proxy domain, Modlishka should send the page of the proxied website.

Configuration (please complete the following information):

  • Modlishka configuration [e.g. command line flags, JSON config]: Modlishka is launched using the command line: ./dist/proxy -target intra.company.domain -proxyDomain intra.evil.domain -listeningAddress 0.0.0.0 -credsParams "$idcred" -debug true (obviously the debug is only temporary, to have more info on the case). credsParams are the parameters to get usernames and passwords sent via the website, as seen on the screenshot below:

  • Browser: tested on chrome and firefox

  • OS : linux (Modlishka is running on a Kali machine; accessing the website can be done from any OS)

Screenshots: [image] Hidden are the domain names: intra.company.domain. At the end, Modlishka redirects to "company.domain", which makes no sense at all.

Additional context: This is for a demo; the system is entirely simulated and offline. The machine running Modlishka can correctly access the target website. The website is working correctly. The victim machine can obviously access it too; and the "evil" domain is registered in a DNS, so that the victim machine can find it too (and it does, as we can see since Modlishka detects the connection and... redirects :o ). The debug option shows that Modlishka can find the IP related to the target domain name.

The same system with the same website and the same commands was working perfectly well last year. Since the system is offline, no updates of Modlishka should have been made since. The IPs have changed though, but everything has been correctly set up according to the new IPs. So I really have no idea why it wouldn't work anymore, and what the hell is going on with this weird redirection?

Florablia, Jun 06 '23 13:06

Found out after reviewing the code that the problem comes from the Security.go file, where a list of rejectedIPv4Networks is set. No luck, my new network uses IP 10.3.3.3 for my target domain, while the previous one last year was using another IP, not in the rejected list.

Solution 1: use the disableSecurity option. Solution 2: update the Security.go file to remove that particular IP from the list, recompile Modlishka and have fun. Still don't understand the weird redirect thing, but whatever.

Florablia, Jun 06 '23 14:06
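
Added example, not part of the thread and not Modlishka's own code: a minimal Go check showing how a deny list of IPv4 networks, like the rejectedIPv4Networks list mentioned above, ends up rejecting a target that resolves to 10.3.3.3. The list contents and the function name matchRejected are assumptions for illustration; the real list lives in Security.go.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Assumed deny list: private and special-purpose IPv4 ranges commonly
// blocked by this kind of check. NOT copied from Modlishka's Security.go.
var rejectedIPv4Networks = []netip.Prefix{
	netip.MustParsePrefix("10.0.0.0/8"),     // RFC 1918
	netip.MustParsePrefix("172.16.0.0/12"),  // RFC 1918
	netip.MustParsePrefix("192.168.0.0/16"), // RFC 1918
	netip.MustParsePrefix("127.0.0.0/8"),    // loopback
	netip.MustParsePrefix("169.254.0.0/16"), // link-local
}

// matchRejected (hypothetical helper) reports which deny-list network, if
// any, contains addr. Unparseable input is an error so callers fail closed.
func matchRejected(addr string) (netip.Prefix, bool, error) {
	ip, err := netip.ParseAddr(addr)
	if err != nil {
		return netip.Prefix{}, false, fmt.Errorf("invalid IP %q: %w", addr, err)
	}
	ip = ip.Unmap() // treat ::ffff:10.3.3.3 the same as 10.3.3.3
	for _, n := range rejectedIPv4Networks {
		if n.Contains(ip) {
			return n, true, nil
		}
	}
	return netip.Prefix{}, false, nil
}

func main() {
	// Constructed sample addresses; 10.3.3.3 is the target IP from the issue.
	for _, a := range []string{"10.3.3.3", "::ffff:10.3.3.3", "203.0.113.10", "not-an-ip"} {
		n, hit, err := matchRejected(a)
		switch {
		case err != nil:
			fmt.Println(a, "->", err)
		case hit:
			fmt.Println(a, "-> rejected by", n)
		default:
			fmt.Println(a, "-> allowed")
		}
	}
}
```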