How to achieve a briliant phishing attack

Sean Cassidy shows how to achieve a briliant phishing attack on Lastpass by combining multiple security holes.

This attack is powerfull because the author made a clear roadmap which checks if LastPass is installed, then logging out the user using a known vulnerability in the browser. The author tricks the user to login on the fake site and finally verifies the credentals using the public API.

This article also shows how XSS is used in practice.0

https://www.seancassidy.me/lostpass.html

The source code can be found on  Github

Leave a Reply

Your email address will not be published.