HiddenConsentGrant
This code implements the hidden consent grant attack, which leverages the Directory.ReadWrite.All application permission.
- Create certificate and private key (or use the given pair of certificate and key from the repository).
- Update the client secret and user ID in the code.
- Run the tool:

      python server.py

- Launch the "non-malicious" page.
- Get the access tokens.
- Have fun!