It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow, which allows to transparently proxy multi-domain destination traffic, both TLS and non-TLS, over a single domain, without a requirement of installing any additional certificate on the client. What does this exactly mean? In short, it simply has a lot of potential, that can be used in many use case scenarios. From the security perspective, Modlishka can be currently used to: Support ethical phishing penetration tests with a transparent and automated reverse proxy component that has a universal 2FA “bypass” support. Automatically poison HTTP 301 browsers cache and permanently hijack non-TLS URLS. Diagnose and hijack browser-based applications HTTP traffic from the "Client Domain Hooking" attack perspective. Wrap legacy websites with TLS layer, confuse crawler bots and automated scanners, etc. TBC Modlishka was written as an attempt overcome standard reverse proxy limitations and as a personal challenge to....