Wednesday, May 29, 2024
HomeCyber CrimeBrowser-in-the-Browser - An (Almost) Invisible Attack

Browser-in-the-Browser – An (Almost) Invisible Attack

A penetration tester and security specialist came up with a new phishing approach that makes phishing almost undetectable. Browser-in-the-Browser (BitB) is a type of attack that can collect sensitive information from users.

Regarding the BitB assault

BitB attack targets third-party single sign-on choices on websites that offer popup windows for authentication, such as sign-in with Facebook, Google, Apple, or Microsoft, according to researcher mr.d0x.

According to the researcher, it is conceivable to totally construct a malicious version of a popup window in order to dupe the target into providing information.

Using basic HTML/CSS, they created a Canva log-in box.

The phoney popups imitate a browser window within the browser and then mimic a valid domain, resulting in convincing phishing assaults that deceive the target.

When a victim visits an attacker-controlled website, they may input their credentials on a seemingly genuine site, ultimately handing over their credentials to the attackers.


More information

A pop-up window design was paired with an iframe connecting to the malicious server hosting the phishing website by the researcher.

Furthermore, the usage of JavaScript can cause the window to appear when a link or button is clicked, or when a website is loaded.

The JQuery JavaScript library, for example, may make the window look aesthetically pleasing or bouncing.

Furthermore, users who utilise the lingering over a URL to determine its authenticity may be confused by the assault. This security feature can be readily circumvented if JavaScript is enabled.


Both an HTTPS-encrypted URL and a float security check are bypassed by the innovative BitB attack. Furthermore, using a username and password with 2FA leaves you entirely vulnerable to such assaults. Researchers recommend adopting secure evidence of identity such as a registered device or token to be safe.

Previous article
Next article
IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company, we are also a proud member of EC Council, NASSCOM, Data Security Council of India (DSCI), Indian Chamber of Commerce (ICC), U.S. Chamber of Commerce, and Confederation of Indian Industry (CII). The company was established in 2016 with a vision in mind to provide Cyber Security to the digital world and make them Hack Proof. The question is why are we suddenly talking about Cyber Security and all this stuff? With the development of technology, more and more companies are shifting their business to Digital World which is resulting in the increase in Cyber Crimes.


Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us