Browser in The Browser – A new near invisible attack

Browser in The Browser – A new near invisible attack

While reading on the different types of phishing attacks, recently I came across an interesting article by mr.d0x. His article explores the type of attack called Browser in the Browser (BITB). It is a novel phishing attack that exploits the user by simulating a browser window within a browser to spoof a legitimate domain. In simple terms, the pop-up window is used for spoofing.

For all those who want to access the net and be safe, the first thing they will note is to look for whether the website URL shows HTTPS. This will indicate that the site is secured with TLS/SSL encryption.

Of course, as technology develops, cybercrimes also develop with time. The URL method of checking is not reliable for quite some time because of many homographs attacks, DNS hijacking, and more. Now we can add one more attack to this list.

BITB

This BITB attack exploits the advantage of the third-party single sign on options (SSO) embedded on websites that issue pop-up windows for authentication. For example, Sign into Facebook, Apple, Google, or Microsoft. And it should be taken into consideration that these kinds of SSO pop-up methods are used widely for authentication.

Fabricating POP up is easy

According to the researcher, mr.d0x, creating a malicious pop-up window is very simple using basic HTML and CCS code. This BITB attack is very hard to find as it looks exactly similar to the original version. The following image shows the side by side by comparing original and fake windows provided in the mr.d0x blog.

As we can see, the imitation of the windows is uncanny. Many security industrialists will also fail to see the difference between the two.

POP-UP windows from click

Fortunately, for this kind of attack to initiate, the attacker needs to make the user first visit the malicious site and click on the links to provide the pop-up windows.

The attackers may use JavaScript to make the fabricated window appear when pressing the button click or link. The attackers may use animations or other designs to make it more appealing to the users.

Hover over the links

Hovering over the links is another simple method to confirm the link’s legitimate address. But if JavaScript is included in the attack, this method will ultimately fool the users. So BITB attacks render another simple means of avoiding phishing attacks useless.

Avoid Fake POP window

By using BITB, stealing the passwords will be very easy. Now let’s see some ways to avoid falling into this malicious attack lose our valuable credentials.

  • The best way to avoid this is to use password managers, as unnatural links may not fool the best password managers.
  • We can resize the desktop browser. If the JavaScript is not good enough, it will be easy to identify the fake.
  • You can also drag the pop window past the browser edge and hope that the pop-up window responds correctly. Otherwise, you can conclude that you are subjected to a phishing attack.

The BITB attack mainly targets SSO, so using Multi-Factor Authentication (MFA) is highly recommended.

Copyright © 2025 Clear Infosec. All Rights Reserved.