Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.23k
stars
1.87k
forks
source link
added support for force_post for json parameters #1023
Added support for force_post for json parameters (supported only regular http parameters)
Useful for intercepting requests to URLs such as /common/GetCredentialType which are used to initiate Windows Hello for Business auth flow
Blog post will be published soon on this subject
The following force_post section can now alter the API post request and modify it on the fly, something that could not be done beforehand due to limitations with modifications of JSON params.
Added support for force_post for json parameters (supported only regular http parameters)
Useful for intercepting requests to URLs such as /common/GetCredentialType which are used to initiate Windows Hello for Business auth flow Blog post will be published soon on this subject
The following force_post section can now alter the API post request and modify it on the fly, something that could not be done beforehand due to limitations with modifications of JSON params.