Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.88k
stars
1.96k
forks
source link
what happens when you have several login pages #690
suppose i have the site: site.com but it has several sub domains, like ww1, ww2, ww3, and others, so i have tree big questions first:
if i have an login at on /login what should i do here?
login:
domain: 'www.site.com'
path: '/login'
do i need to put the domain as: '(.*).site.com' whit regexp??
seccond: how the cookie should work? if the cookie is captured on www1.site.com.mysite.com , it should be imported on www1.site.com? or can be loaded on any of the others subdomains?
for the last! what about having seeral login sites like
www(.).site.com/first[0-9]/seccond[0-9]/login
and
www(.).site.com/alfa[0-9]/beta[0-9]/login
what happen here? how do i should proceed? thanks in advance
suppose i have the site: site.com but it has several sub domains, like ww1, ww2, ww3, and others, so i have tree big questions first:
if i have an login at on /login what should i do here? login: domain: 'www.site.com' path: '/login'
do i need to put the domain as: '(.*).site.com' whit regexp??
seccond: how the cookie should work? if the cookie is captured on www1.site.com.mysite.com , it should be imported on www1.site.com? or can be loaded on any of the others subdomains?
for the last! what about having seeral login sites like
www(.).site.com/first[0-9]/seccond[0-9]/login and www(.).site.com/alfa[0-9]/beta[0-9]/login
what happen here? how do i should proceed? thanks in advance