Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.26k
stars
1.87k
forks
source link
Feature Request: redirect_url override per phishlet #915
When running multiple campaigns or phishlets it may be useful to have the ability to present different redirect pages for unauthorized clients depending on the lure/phishlet they access.
Presenting different redirect_url pages may help with limiting the association of the redirect_url page for one phishlet with the overall campaign. This will make it more difficult for defenders to model the threat.
This would be especially useful in conjunction with MSFT IP blacklist to evade EOP.
When running multiple campaigns or phishlets it may be useful to have the ability to present different redirect pages for unauthorized clients depending on the lure/phishlet they access.
Presenting different redirect_url pages may help with limiting the association of the redirect_url page for one phishlet with the overall campaign. This will make it more difficult for defenders to model the threat.
This would be especially useful in conjunction with MSFT IP blacklist to evade EOP.