Attacker in the middle
This technique is a way to bypass MFA, it allows attackers to have both, a valid session and the login password. Attackers leverage a web proxy which proxies traffic between his self-hosted instance of the application and the real application, this way any OAuth request makes its way to the real app as well and the MFA stuff is also taken care of.
Typical techniques to implement this involve either transparent web proxy techniques that seek to present the application with no noticeable changes (e.g. Evilginx2), or the use of desktop-control techniques to have the victim unknowingly interact with an attacker’s own browser instance (e.g. noVNC based techniques).