A penetration tester is tasked with demonstrating the risk of phishing attacks that can bypass multi-factor authentication (MFA). The goal is to capture an active session token after a user successfully authenticates through a legitimate-looking portal. Which of the following approaches is BEST suited for creating a convincing, functional sign-on page that also intercepts the resulting session token?
An exploitation that changes DNS entries for legitimate domains so users unknowingly transmit tokens
A method relying on embedded script tags in the page to disclose session data from the user's browser
A technique that hosts a covert proxy site mirroring the genuine login interface and relays user traffic to acquire authentication tokens
An approach using a local hash extraction utility to retrieve encrypted credentials from a target's workstation
Hosting a deceptive reverse proxy site is highly effective because it mirrors the genuine login interface and relays user traffic, allowing interception of authentication tokens. This method is central to tools like Evilginx which are designed to bypass MFA. Simply altering script tags on a page (a form of XSS) can steal tokens but often gets blocked by modern defenses and doesn't inherently proxy the entire login flow. Local credential extraction methods focus on hashed credentials already on a system, not ephemeral tokens from a live login. Modifying DNS records can redirect traffic but does not, by itself, provide an effective proxy for gathering ephemeral tokens in a stealthy manner.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an ephemeral session token?
Open an interactive chat with Bash
How does a reverse proxy site capture session tokens?
Open an interactive chat with Bash
Why is altering DNS entries not effective for capturing session tokens?