Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.26k
stars
1.87k
forks
source link
Additional Content-Type when capturing credentials #961
I'm currently developing a phislet and the login request containing credentials uses Content-Type: text/plain instead of the regular application/x-www-form-urlencode.
I see the POST request in debug logs, but credentials aren't captured and linked to the user's session due to the MIME mismatch.
Hi,
I'm currently developing a phislet and the login request containing credentials uses Content-Type: text/plain instead of the regular application/x-www-form-urlencode.
I see the POST request in debug logs, but credentials aren't captured and linked to the user's session due to the MIME mismatch.
Regards.