CuddlePhish

Weaponized multi-user browser-in-the-middle (BitM) for penetration testers. This attack can be used to bypass multi-factor authentication on many high-value web applications. It even works for applications that do not use session tokens, and therefore would not be exploitable using traditional token stealing attacks. This is a social engineering tool and does not exploit any technical flaws in the target service.

GitHub - fkasler/cuddlephish: Weaponized Browser-in-the-Middle (BitM) for Penetration TestersGitHub