
How ‘Browser-in-the-Middle’ Attacks Steal Sessions in Seconds

Would you expect an end user to log on to a cybercriminal's computer, open their browser, and type in their usernames and passwords? Hopefully not! But that is essentially what happens if they fall victim to a Browser-in-the-Middle (BitM) attack. Like Man-in-the-Middle (MitM) attacks, BitM attacks aim to control the data flow between the victim's computer and the target service, as University of Salento researchers Franco Tommasi, Christian Catalano, and Ivan Taurino have outlined in a paper for the International Journal of Information Security. However, there are several key differences.

Man-in-the-Middle vs Browser-in-the-Middle

A MitM attack uses a proxy server that places itself between the victim's browser and the legitimate target service at the application layer. It needs some kind of malware to be placed and run on the victim's computer. A BitM attack is different: the victim thinks they are using their own browser, conducting their normal online banking, for instance, when in fact they are interacting with a transparent remote browser running on the attacker's machine. As the paper notes, it is as though the user were "sitting in front of the attacker's computer, using the attacker's keyboard", meaning the attacker can capture, record, and alter the data exchange between the victim and the service they are accessing.

Anatomy of a BitM attack

So how does it work? A typical BitM attack occurs in three phases:

Phishing: The victim is tricked into clicking on a malicious…
