MFA Slipstream - Phishing MFA PoC Walkthrough

by DG under phishing, pentesting, se
MFA Slipstream PoC MFA Slipstream is a Proof of Concept (PoC) I put together a few months ago while on a phishing engagement. It uses JavaScript and a Python back-end to collect a target's username and password, as well as multi-factor authentication token. I say PoC and not tool, because there are some obvious features missing from the PoC's current state, like: the ability to clone a site and stitch in the necessary JavaScript (this is done by hand), or the ability to scale better by some type of user session/state. At its core the MFA Slipstream tool is
Read More