Outlook Web

The Outlook module of GraphSpy is most likely one of the simplest, yet it is one of the most powerful as well.

This is because a simple access token for https://outlook.office365.com/ can be used to open the mailbox of the target user on a new page, providing access to any functionality that you would expect to have in the Outlook Web Mail application.

To use it, simply request an access token for the https://outlook.office365.com/ resource (can be obtained using a FOCI client!), and click on the Set access token button to populate the Access Token field below. Then, click on the Open outlook button to open the mailbox of the user.

Outlook 1

If your access token is valid, this will open a browser tab in which you have complete access to the user's mailbox. From here you can interact with emails, view the user's calendar, create email rules, ...

Outlook 2

Some things to keep in mind are:

The access is limited to this specific access token for https://outlook.office365.com/. If you try to open any other office applications from this page (e.g. OneDrive, Microsoft Teams, ...), this will obviously not work!
This technique only allows you to insert an access token in the browsing session. As a result, once that access token expires, you will be asked to sign in again. If you still have a valid FOCI refresh token, you can easily request a new access token and open the page again.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Outlook Web

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Navigation

Clone this wiki locally