Proof of concept: using a Cloudflare worker for AITM attacks

zolderio/AITMWorker

AITMWorker

This repository contains a proof of concept that allows you to perform AITM phishing attacks on Microsoft tenants by using a Cloudflare Worker. We are protecting hundreds of Microsoft tenants against phishing attacks using the approach described here.

We detected previously unknown phishing attacks on our clients abusing Cloudflare Workers. We tried to reproduce the attack by building our own Cloudflare Worker, to demonstrate how these attackers are abusing Cloudflare. This repository contains the code.

How to use

  1. Create a Cloudflare Worker in your Cloudflare account.
  2. Set the webhook variable to your own Teams channel webhook.
  3. Upload the worker.js code.
  4. Visit your worker's URL and log in with a victim account.
  5. Check your Teams channel; credentials and cookies are posted there.

Disclaimer

This code is for demonstration purposes only. We are not responsible for any misuse. Our goal is to make defenders aware of these attacks and to improve their mitigations.
