Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Browser core PRT injection not working #80

Open
realspookysocks opened this issue Jan 23, 2024 · 2 comments
Open

Browser core PRT injection not working #80

realspookysocks opened this issue Jan 23, 2024 · 2 comments

Comments

@realspookysocks
Copy link

Trying to use the browsercore method of PRT injection isn't working for me. The bctest.py works fine, but when the login loads, it still prompts for a username and password. After a bit of troubleshooting, I was thinking maybe it has to do with the PRT without a nonce update mentioned in the article here: https://dirkjanm.io/abusing-azure-ad-sso-with-the-primary-refresh-token/.

Similarly, PRT injection methods like the one listed in this stealthbits article don't appear to be working.

Noteworthy though, the selenium PRT browserauth method in roadtools still works!

@dirkjanm
Copy link
Owner

Which browser were you using? I've read that newer versions of Chrome have native support for PRT based SSO so maybe it doesn't use browsercore anymore. The browsercore method does use a nonce so that shouldn't be the issue. The article you mention is indeed outdated and no longer a working method.

@realspookysocks
Copy link
Author

I was using Chrome version 120.0.6099.225 (Official Build) (64-bit). From what I could tell it was using browsercore because after I tried it, the user popped up in the risky sign ins. So it seemed to me like it was attempting to submit the PRT, but that it wasn't happy with it.

That's good to know about the nonce for browsercore.py. Does the browsercore method still work for you? If so, I can do more troubleshooting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants