
Can't you still be vulnerable to a MITM phishing attack?


What do you mean by a MITM phishing attack?

U2F credentials are tied to a particular domain, and so do not rely on the user making sure they are on the correct website. As such, they are not susceptible to typical credential phishing attacks.
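To make the domain binding described above concrete, here is an added example (not code from the thread, and not a real U2F or WebAuthn library): a toy authenticator, a browser, and a relying-party verifier. The origins `https://example.com` and `https://example-login.com` are constructed, and an HMAC over a per-site derived key stands in for the ECDSA signature a real token produces; the structure of what gets signed and checked (the origin written into the client data by the browser, the hash of the rpId in the authenticator data, and a signature covering both) follows the real protocol.

```python
import hashlib
import hmac
import json
import struct

EXPECTED_ORIGIN = "https://example.com"   # constructed relying-party origin
RP_ID = "example.com"                     # constructed rpId (the host the credential is bound to)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class ToyAuthenticator:
    """Stand-in for a U2F/WebAuthn token: one key per relying party, derived from a master secret.
    An HMAC key replaces the real ECDSA key pair so the example runs with the standard library only."""

    def __init__(self, master_secret: bytes):
        self._master = master_secret
        self._counter = 0

    def _credential_key(self, rp_id: str) -> bytes:
        return hmac.new(self._master, b"cred:" + rp_id.encode(), hashlib.sha256).digest()

    def register(self, rp_id: str) -> bytes:
        # The relying party stores this at registration (a public key in the real protocol).
        return self._credential_key(rp_id)

    def sign(self, rp_id: str, client_data_json: bytes):
        self._counter += 1
        # authenticatorData = SHA-256(rpId) || flags || 32-bit signature counter
        auth_data = sha256(rp_id.encode()) + b"\x01" + struct.pack(">I", self._counter)
        signed = auth_data + sha256(client_data_json)
        sig = hmac.new(self._credential_key(rp_id), signed, hashlib.sha256).digest()
        return auth_data, sig


class Browser:
    """The browser, not the user, fills in the origin and picks the rpId from the page it is showing."""

    def __init__(self, authenticator: ToyAuthenticator):
        self._authn = authenticator

    def get_assertion(self, page_origin: str, challenge: str):
        rp_id = page_origin.split("://", 1)[1].split("/")[0]
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge, "origin": page_origin},
            sort_keys=True,
        ).encode()
        auth_data, sig = self._authn.sign(rp_id, client_data)
        return client_data, auth_data, sig


def verify_assertion(expected_origin, rp_id, verification_key, challenge,
                     client_data, auth_data, sig) -> bool:
    """The checks a relying party performs before accepting a login."""
    try:
        cd = json.loads(client_data)
    except ValueError:
        return False
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge:
        return False
    if cd.get("origin") != expected_origin:          # origin must be ours, whatever the user saw
        return False
    if auth_data[:32] != sha256(rp_id.encode()):     # rpIdHash must match our rpId
        return False
    expected = hmac.new(verification_key, auth_data + sha256(client_data), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)        # signature covers both of the above


def demo():
    """Returns (legitimate login accepted, relayed assertion accepted, rewritten relay accepted)."""
    authn = ToyAuthenticator(b"constructed master secret")
    key = authn.register(RP_ID)
    browser = Browser(authn)
    challenge = "c2FtcGxlLWNoYWxsZW5nZQ"              # constructed; a real RP uses random bytes

    # 1. The user is on the real site.
    cd, ad, sig = browser.get_assertion(EXPECTED_ORIGIN, challenge)
    legit = verify_assertion(EXPECTED_ORIGIN, RP_ID, key, challenge, cd, ad, sig)

    # 2. A lookalike site relays the real challenge; the browser still writes the lookalike origin.
    cd2, ad2, sig2 = browser.get_assertion("https://example-login.com", challenge)
    relayed = verify_assertion(EXPECTED_ORIGIN, RP_ID, key, challenge, cd2, ad2, sig2)

    # 3. The relay rewrites the origin field to ours before forwarding: rpIdHash and the
    #    signature no longer match, because both were computed over the lookalike values.
    cd3 = cd2.replace(b"https://example-login.com", EXPECTED_ORIGIN.encode())
    rewritten = verify_assertion(EXPECTED_ORIGIN, RP_ID, key, challenge, cd3, ad2, sig2)
    return legit, relayed, rewritten


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The point the thread is making falls out of `verify_assertion`: the user never types or compares a domain, the browser records where the page actually lives, and the token's signature is bound to that value, so a credential captured on the wrong origin does not verify on the right one. What this does not cover is the case raised later in the thread, a machine the attacker already controls, where the session cookie issued after a successful login is the thing at risk.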


Things like this: https://security.stackexchange.com/questions/157756/mitm-att...

This is assuming an owned machine. Not the easiest attack but still possible. Obviously things like Google Authenticator (while good) are even more susceptible to MITM phishing.


If the machine is owned it's trivial to dig the cookie jar once you're logged in.


U2F is supposed to be immune to MITM because of the information sent in the protocol, protected by the encryption. I'm not familiar enough with it to know if it's really immune or not.



