So recently I've started messing with a html5 vnc client that vncs to a browser in kiosk mode on the device im gonna use those creds on. I was having some problem just getting the cookie with evilnginx on azure related accounts, I'm not sure what protections they are using.

But I saw an article by Mr.d0x and started messing around with his idea and it works really well when phishing for creds. Anyone else been using this? Is this gonna be the new meta soon?

This is the article: https://mrd0x.com/bypass-2fa-using-novnc/
Interesting git repo: https://github.com/JoelGMSec/EvilnoVNC