User code displayed by Microsoft and processed by capturetokenphish.py don't match #13

@qgrosperrin

I was hoping you could enlighten me on the whole process - as I'm a bit confused and I'm trying to troubleshoot why some tokens are not captured.

The device code that gets displayed to the target user (using the 'Azure-App-Tools' template) is different from the code that gets generated by capturetokenphish.ps1 on the Azure server (tailing nohup.out). Is that normal? I would have thought it’s meant to be the same.

Looking at the workflow - it first grabs the code from Microsoft directly (this is where the CORS anywhere server comes in handy), then uses the returned response to populate the page that’s displayed to the user (data.message).
Then it sends the verification code to https://..cloudapp.azure.com/?id=, which was deployed using deploycaptureserver.ps1. At the end, I'm not sure what capturetokenphish.ps1 does with this.

However, when I manually send the verification code to the cloudapp host, the user/device code shown in nohup.out doesn’t map to what was provided by Microsoft initially.
