Hey guys, this is TheToySec back again with another post. In this post we will talk about the Browser in the Browser attack and some of the detection techniques to mitigate this type of attack.
What is BITB attack?
So a BITB attack, short for Browser in the Browser attack, is an advanced and highly developed phishing attack that can trick users into believing that a fake website is the real one. It creates a fake single sign-on login window, which confuses the user.
So, let’s talk about Single Sign-On (SSO).
What is SSO?
Single sign-on is an authentication mechanism that allows you to sign in once and then access all the services tied to that application or website without entering your username and password every time. For example, it is the “Login with Google”, “Login with Facebook” etc. buttons. Once you log in with your Google account you can access YouTube, Google Drive, Gmail, Photos and other Google services. That is called an SSO login.
Now let’s look at this picture.
In the above image you can see that the URL bar of the SSO window shows ‘https://www.facebook.com/login’. So it’s confusing, right? Now let’s see the steps to reproduce this attack.
Open a terminal in Kali Linux and download BITB-Framework from GitHub by Surya Dev Singh here: https://github.com/surya-dev-singh/BITB-framwork.git
After downloading the tool, go to the BITB-Framework folder with the following command: cd BITB-Framework
Now type ls to check the files. You’ll see a file named bitb.py.
Now, to check the permissions of the file, you can type ls -l. Type chmod 777 in the terminal if the file isn’t executable (chmod +x bitb.py is enough to make it executable; 777 also makes it world-writable).
All set for the test; now just type python3 bitb.py.
Now you’ll see a lot of template options to select from. You can select accordingly. In my case I just selected option number 1 for the Facebook template.
Now for the entry value you can choose any option. I selected option number 1 and ran it.
Now go to your browser in Kali Linux and enter the web URL shown in your Kali Linux terminal.
Now you can see there’s a web page with an SSO login option to log in with Facebook. If you click on it, the fake window will open.
Now you can enter credentials and check the username and password in the Kali Linux terminal. Boom! We got the credentials!
So now you might be thinking the URL is just 0.0.0.0 and the port number is 8080, so it’s only on localhost. That’s because we tested it on localhost. But if we think from the attacker’s perspective, they will not do it on localhost; they would do it on a real web server that looks like a legitimate website, actually designed to trap victims.
So now the question is: how can we protect ourselves, and how do we detect a BITB attack?
Well, it’s quite simple! Let’s look at the pictures below.
In this picture you can see that we can’t fully maximize this window or drag it outside the browser. That indicates it is a BITB phishing page: the “popup” is just HTML drawn inside the web page, so it can never leave the browser’s own viewport.
But in this picture you can see that we can easily maximize this window and drag it anywhere on the screen. That indicates it’s the real login window and there’s no BITB phishing page.
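A complementary programmatic check, added here as an example (it is not code from the original post or from either GitHub tool mentioned), looks at what a BITB page is made of: the “popup” is ordinary page content that paints a trusted login URL as plain text to imitate an address bar and loads the credential form in an iframe right next to that text. A genuine SSO popup is a separate browser window, so its URL only ever appears in the browser chrome, never inside the page body. The heuristic, the host names and both HTML samples below are my own assumptions and constructed inputs.

```python
# Heuristic scanner for Browser-in-the-Browser (BITB) style fake popups.
# Assumption: a BITB "window" shows a trusted login URL as visible text and
# loads the credential form in an <iframe> close to that text. Samples are constructed.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Text in these tags is never rendered, so a URL there is not a painted address bar.
INVISIBLE_TAGS = {"script", "style", "noscript", "template"}
VOID_TAGS = {"br", "hr", "img", "input", "link", "meta", "source", "wbr"}


class Node:
    """Minimal DOM node: tag, attributes, parent and mixed children."""

    def __init__(self, tag, attrs, parent):
        self.tag = tag
        self.attrs = dict(attrs)
        self.parent = parent
        self.children = []  # Node objects and str text chunks, in document order

    def visible_text(self):
        """Text a user sees; <a> is skipped because a real link is navigable,
        not a painted URL bar, and non-rendered tags are skipped too."""
        parts = []
        for child in self.children:
            if isinstance(child, str):
                parts.append(child)
            elif child.tag not in INVISIBLE_TAGS and child.tag != "a":
                parts.append(child.visible_text())
        return " ".join(parts)

    def walk(self):
        yield self
        for child in self.children:
            if isinstance(child, Node):
                yield from child.walk()


class TreeBuilder(HTMLParser):
    """Builds a Node tree; tolerant of unclosed elements and stray end tags."""

    def __init__(self):
        super().__init__()
        self.root = Node("#root", [], None)
        self._cur = self.root

    def handle_starttag(self, tag, attrs):
        node = Node(tag, attrs, self._cur)
        self._cur.children.append(node)
        if tag not in VOID_TAGS:
            self._cur = node

    def handle_endtag(self, tag):
        node = self._cur
        while node is not None and node.tag != tag:  # find nearest open match
            node = node.parent
        if node is not None and node.parent is not None:
            self._cur = node.parent

    def handle_data(self, data):
        if data.strip():
            self._cur.children.append(data.strip())


def _foreign_url(text, page_host):
    """First URL in text whose host is not the page's own host, else None."""
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host and host != page_host.lower():
            return url
    return None


def find_bitb_indicators(html, page_host, max_depth=3):
    """Flag each <iframe> whose enclosing container (up to max_depth ancestors)
    displays, as plain text, a URL belonging to a host other than page_host."""
    builder = TreeBuilder()
    builder.feed(html)
    builder.close()
    findings = []
    for node in builder.root.walk():
        if node.tag != "iframe":
            continue
        container, depth, hit = node.parent, 0, None
        while container is not None and depth < max_depth and hit is None:
            hit = _foreign_url(container.visible_text(), page_host)
            container, depth = container.parent, depth + 1
        if hit:
            findings.append({"displayed_url": hit,
                             "displayed_host": urlparse(hit).hostname,
                             "iframe_src": node.attrs.get("src", "")})
    return findings


# Constructed sample: a fake Facebook login "window" drawn inside a shop page.
SUSPICIOUS_HTML = """<html><body><h1>Welcome to example-store</h1>
<div class="fake-window" style="position:absolute">
  <div class="titlebar">Log in with Facebook</div>
  <div class="addressbar"><span>https://www.facebook.com/login</span></div>
  <iframe src="/templates/facebook/index.html"></iframe>
</div></body></html>"""

# Constructed sample: a benign page with a real link and an unrelated embed.
BENIGN_HTML = """<html><body>
<p>Read our policy at <a href="https://www.facebook.com/policy">Facebook</a>.</p>
<p>Support: https://example-store.test/help</p>
<iframe src="https://www.youtube.com/embed/example"></iframe>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("suspicious", SUSPICIOUS_HTML), ("benign", BENIGN_HTML)):
        print(name, find_bitb_indicators(page, "example-store.test"))
```

The check is deliberately narrow: only a URL of a foreign host painted near an iframe is flagged, so a page that links to facebook.com with a real anchor, or mentions its own domain, stays clean. It is a triage signal for proxies, crawlers or a browser extension, not a replacement for the manual drag-the-window test above, since an attacker can render the address bar as an image instead of text.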
Note: For testing purposes I used Surya Dev Singh’s GitHub tool, but you can also use mrd0x’s GitHub tool.
For more details you can visit: https://github.com/mrd0x/BITB
Disclaimer: Hackerinthehouse, its author and its affiliates won’t be responsible for any actions made by you. This article is published for security research and education purposes only. It is the end user’s responsibility to obey all applicable local, state and federal laws.
Recommended article to Prevent Cyber Attacks: Ultimate Guide to Prevent Cyber Attacks
If you really like this post then give your reaction and don’t forget to share it with others. Until then, we will meet again on another interesting topic.
Thank you for reading, and have a nice stay!