kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License

Phishlet for Bitwarden #804

Open thehackerish opened 2 years ago

thehackerish commented 2 years ago

Phishlet for Bitwarden web that supports 2FA. It captures the refresh_token, which should be replayed manually to get the Bearer, then go to /api/sync to dump the database. Use only in Red Team or pentest engagements with your customers.