# Adversary in the Middle (AitM) Phishing

## Theory

AitM phishing is a technique that uses dedicated tooling to act as a proxy between the target and a legitimate login portal for an application, principally to make it easier to **defeat MFA protection**.

Adversaries may attempt to proxy multi-domain destination traffic (both TLS and non-TLS) over a single domain, without a requirement of installing any additional certificate on the client.

<figure><img src="https://329872044-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMdUKdzuqIuObdvCB3mUR%2Fuploads%2Fgit-blob-96818076fc814652d19e1f22a66aa3db4fa22ba0%2Fsche%CC%81ma-2-1-1024x588.png?alt=media" alt=""><figcaption></figcaption></figure>

## Practice

## Resources

{% embed url="<https://attack.mitre.org/techniques/T1557/>" %}

{% embed url="<https://pushsecurity.com/blog/phishing-2-0-how-phishing-toolkits-are-evolving-with-aitm/>" %}