MFA now even more vulnerable

markus.preinl • 26 February 2026
Adversary-in-the-Middle attack (AiTM attack)

Capturing session tokens is not new, but tools like the one described here make it even easier.


Starkiller is a Phishing-as-a-Service framework that lets even beginners run sophisticated phishing attacks built on an HTTP reverse proxy: the victim is lured to a look-alike domain, the proxy relays every request and response to the real login page in real time, and the victim completes the genuine login, second factor included. The goal is to capture the session token (also called the session ID or session cookie) that the real service issues after the successful login; whoever holds that cookie is already authenticated, so multi-factor authentication (MFA) is bypassed without ever being broken. Conventional security measures struggle to detect and block this proxy-based approach, because from the real service's point of view the login looks like any other. The operators currently advertise a 99.7% success rate. MFA in Microsoft 365 can also be circumvented this way. This applies to every MFA method that is not bound to the site's origin, such as SMS codes, authenticator-app codes and push approvals, because the user performs the real MFA step through the proxy.
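One way to hunt for this in identity-provider sign-in logs, as an added example that is not part of the original post and not taken from Starkiller or any vendor product: the session cookie is minted by one interactive MFA login and then used from a different network shortly afterwards, which is the pattern an AiTM proxy leaves behind (the MFA login arrives from the proxy host, the stolen cookie is replayed from the attacker's machine). The log record layout, the IP addresses, the ASNs and the one-hour window are constructed assumptions for the demo.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// SignInEvent is a reduced identity-provider log record, constructed for this example.
// Real M365/Entra sign-in logs carry many more fields; these are the ones the check needs.
type SignInEvent struct {
	Time        time.Time
	User        string
	SessionID   string // opaque identifier of the session cookie, never the cookie value itself
	IP          string
	ASN         string
	Interactive bool // true for the browser login that satisfied MFA and minted the session
}

// Alert records a session that was issued on one network and replayed from another.
type Alert struct {
	User, SessionID     string
	IssuedIP, IssuedASN string
	ReplayIP, ReplayASN string
	Gap                 time.Duration
}

// FindSessionReplay flags every session whose cookie is used from a different ASN than the
// one it was issued to, within window of the interactive sign-in. In an AiTM attack the IdP
// sees the MFA login arrive from the proxy's address and the stolen cookie is then replayed
// from the attacker's own machine, which is exactly this pattern. Input order does not matter.
func FindSessionReplay(events []SignInEvent, window time.Duration) []Alert {
	sorted := append([]SignInEvent(nil), events...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Time.Before(sorted[j].Time) })

	issued := map[string]SignInEvent{} // session id -> interactive sign-in that minted it
	alerted := map[string]bool{}       // session id -> already reported
	var alerts []Alert
	for _, ev := range sorted {
		if ev.Interactive {
			issued[ev.SessionID] = ev
			continue
		}
		origin, ok := issued[ev.SessionID]
		if !ok || alerted[ev.SessionID] {
			continue
		}
		if gap := ev.Time.Sub(origin.Time); ev.ASN != origin.ASN && gap <= window {
			alerted[ev.SessionID] = true
			alerts = append(alerts, Alert{
				User: ev.User, SessionID: ev.SessionID,
				IssuedIP: origin.IP, IssuedASN: origin.ASN,
				ReplayIP: ev.IP, ReplayASN: ev.ASN, Gap: gap,
			})
		}
	}
	return alerts
}

// SampleEvents is constructed log data using documentation IP ranges and documentation ASNs.
func SampleEvents() []SignInEvent {
	at := func(h, m int) time.Time { return time.Date(2026, 2, 26, h, m, 0, 0, time.UTC) }
	return []SignInEvent{
		// alice: MFA login arrives via the proxy host, cookie replayed 3 minutes later elsewhere
		{at(10, 0), "alice", "sess-a1", "203.0.113.10", "AS64496", true},
		{at(10, 3), "alice", "sess-a1", "198.51.100.7", "AS64497", false},
		// bob: normal session, same network throughout
		{at(10, 5), "bob", "sess-b1", "192.0.2.5", "AS64498", true},
		{at(10, 20), "bob", "sess-b1", "192.0.2.5", "AS64498", false},
		// carol: network change, but hours after login (laptop moved from office to home)
		{at(11, 0), "carol", "sess-c1", "192.0.2.40", "AS64498", true},
		{at(15, 30), "carol", "sess-c1", "198.51.100.9", "AS64497", false},
	}
}

func main() {
	for _, a := range FindSessionReplay(SampleEvents(), time.Hour) {
		fmt.Printf("ALERT %s session %s: issued to %s (%s), replayed from %s (%s) after %s\n",
			a.User, a.SessionID, a.IssuedIP, a.IssuedASN, a.ReplayIP, a.ReplayASN, a.Gap)
	}
}
```

The rule keys on ASN rather than IP on purpose, since an address change inside the same mobile or corporate network is routine. It misses an attacker who replays the cookie from the same hosting provider as the proxy, and it fires only after the theft has already happened; that is why it is a detection aid and not a substitute for phishing-resistant authentication.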


What to do?


  • Secure your email inbox as effectively as possible, e.g., with Hornet Security. Mail filtering reduces how many lures reach users, but it does not protect a session once a user has clicked through to the proxy.

  • Implement authentication with the FIDO2 standard, a phishing-resistant, hardware-based method, e.g., with YubiKeys or Swissbit iShield Keys. A FIDO2 credential is bound to the origin of the real site: the browser only signs for the domain the user actually visited, so an assertion can neither be obtained by nor replayed through a proxy on a look-alike domain.
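Why a FIDO2 key does not fall to the proxy, as an added example that is not code from the original post, from YubiKey or Swissbit, or from Starkiller: a reduced model of the WebAuthn assertion ceremony. The hostnames login.example (the relying party) and login.example.phish-host.test (the proxy), the fixed challenge string and the reduction of authenticatorData to its rpIdHash field are assumptions made for the demo; the checks themselves (the browser's RP-ID rule, credential scoping to one RP ID, and the relying party's origin, challenge, rpIdHash and signature verification) follow the WebAuthn specification.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// clientData mirrors WebAuthn's CollectedClientData. The browser, not the page, fills in
// Origin, and the signature covers its hash, so it cannot be altered after the fact.
type clientData struct {
	Challenge string `json:"challenge"` // base64url in real WebAuthn; a plain string here
	Origin    string `json:"origin"`
}

// Assertion is what the relying party (RP) receives from navigator.credentials.get().
// AuthData is reduced to the rpIdHash field (SHA-256 of the RP ID) for this demo.
type Assertion struct{ ClientDataJSON, AuthData, Signature []byte }

// Authenticator models a FIDO2 security key with one credential, scoped to one RP ID.
type Authenticator struct {
	rpID string
	key  *ecdsa.PrivateKey
}

// sign is the authenticator step: refuse unknown RP IDs, then sign authData || SHA-256(clientData).
func (a *Authenticator) sign(rpID, origin, challenge string) (*Assertion, error) {
	if rpID != a.rpID {
		return nil, fmt.Errorf("authenticator: no credential registered for RP ID %q", rpID)
	}
	cd, _ := json.Marshal(clientData{Challenge: challenge, Origin: origin}) // cannot fail for two strings
	rpHash, cdHash := sha256.Sum256([]byte(a.rpID)), sha256.Sum256(cd)
	digest := sha256.Sum256(append(rpHash[:], cdHash[:]...))
	sig, err := ecdsa.SignASN1(rand.Reader, a.key, digest[:])
	if err != nil {
		return nil, err
	}
	return &Assertion{ClientDataJSON: cd, AuthData: rpHash[:], Signature: sig}, nil
}

// GetAssertion models navigator.credentials.get() from a page served at pageOrigin. The browser
// only lets a page use an RP ID equal to its own host or a parent domain of it (real browsers
// also consult the public-suffix list), so a look-alike domain cannot ask for the real RP ID.
func (a *Authenticator) GetAssertion(pageOrigin, rpID, challenge string) (*Assertion, error) {
	host := strings.TrimPrefix(pageOrigin, "https://")
	if host != rpID && !strings.HasSuffix(host, "."+rpID) {
		return nil, fmt.Errorf("browser: page at %q may not use RP ID %q", pageOrigin, rpID)
	}
	return a.sign(rpID, pageOrigin, challenge)
}

// Verify is the RP side. A relayed assertion fails here even with a valid signature,
// because the signed client data names the origin the user actually visited.
func Verify(pub *ecdsa.PublicKey, expectedOrigin, expectedRPID, challenge string, as *Assertion) error {
	var cd clientData
	if err := json.Unmarshal(as.ClientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Challenge != challenge {
		return errors.New("challenge mismatch: not the challenge this RP issued")
	}
	if cd.Origin != expectedOrigin {
		return fmt.Errorf("origin mismatch: assertion was produced for %q", cd.Origin)
	}
	want := sha256.Sum256([]byte(expectedRPID))
	cdHash := sha256.Sum256(as.ClientDataJSON)
	digest := sha256.Sum256(append(append([]byte{}, as.AuthData...), cdHash[:]...))
	if !bytes.Equal(as.AuthData, want[:]) || !ecdsa.VerifyASN1(pub, digest[:], as.Signature) {
		return errors.New("rpIdHash mismatch or bad signature")
	}
	return nil
}

// Scenario runs one legitimate login and two AiTM attempts against the same key and the same
// RP-issued challenge. Hostnames are hypothetical: login.example is the RP, the other the proxy.
func Scenario() (legit, proxiedBrowser, proxiedRP error) {
	const rpID, realOrigin = "login.example", "https://login.example"
	const phishOrigin, challenge = "https://login.example.phish-host.test", "rp-issued-challenge-4f3c2a"
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err, err, err
	}
	auth, pub := &Authenticator{rpID: rpID, key: key}, &key.PublicKey
	check := func(as *Assertion, err error) error { // verify unless an earlier step already failed
		if err != nil {
			return err
		}
		return Verify(pub, realOrigin, rpID, challenge, as)
	}
	legit = check(auth.GetAssertion(realOrigin, rpID, challenge))      // 1. real site: accepted
	_, proxiedBrowser = auth.GetAssertion(phishOrigin, rpID, challenge) // 2. proxy page: browser refuses
	proxiedRP = check(auth.sign(rpID, phishOrigin, challenge))          // 3. client skips browser rule: RP refuses
	return legit, proxiedBrowser, proxiedRP
}

func main() {
	legit, browser, rp := Scenario()
	fmt.Printf("legitimate: %v\nproxied, browser step: %v\nproxied, RP step: %v\n", legit, browser, rp)
}
```

Case 2 is the one that matters in practice: the proxy can relay the real challenge byte for byte, but the browser will not let a page on the proxy's domain request an assertion for the real RP ID, and the key holds no credential for the proxy's own domain. Case 3 shows the second line of defence, the relying party's origin check on the signed client data, which is what a session-stealing proxy cannot forge without the private key.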


Links on this topic


https://abnormal.ai/blog/starkiller-phishing-kit


https://cybersecuritynews.com/new-phishing-framework-starkiller-proxies/


https://www.ad-hoc-news.de/boerse/news/ueberblick/starkiller-neue-phishing-plattform-knackt-zwei-faktor-authentifizierung/68597478


https://turingpoint.de/blog/phishing-mit-flexiblem-http-reverse-proxy/