Device Codes
One of the key features of GraphSpy is the ability to generate and poll the status of multiple device codes at once.
If you are not familiar with Device Code authentication and phishing, it is explained in more detail below.
A device code can easily be generated by selecting a Resource and Client ID, and clicking on the submit button. For convenience, a list of commonly used Resources and Client IDs will be shown, although you are completely free to specify a custom value as well.
As explained below, the Client ID is important when performing a device code phishing attack, as the friendly name linked to the selected Client ID will be shown to the victim after they fill in the user code.
When a new device code is generated, all relevant information is stored in the database and GraphSpy will start a different polling thread in the background (if it is not running already). This polling thread will automatically poll all active device codes stored in the database every 5 seconds, and update its status if required.
The device codes are polled on the GraphSpy server, so you can safely navigate to a different page or close the browser without impacting the device code polling.
The polling thread quits when there are no active device codes anymore to poll. However, generating a new device code will obviously cause the polling thread to start again.
Note: If you stop and restart GraphSpy process in the middle of polling, this will obviously kill the polling thread as well. Since the polling thread does not automatically start, you can use the Restart Polling button to start the polling process again in this case.
More information here.
More information here.