Kali Linux

BITB : Browser In The Browser (BITB) Templates

BITB is a Browser templates for Browser In The Browser (BITB) attack.

Usage

Each folder has a index.html file which has 4 variables that must be modified:

  • XX-TITLE-XX – The title that shows up for the page (e.g. Sign in to your account now)
  • XX-DOMAIN-NAME-XX – Domain name you’re masquerading as. (e.g. gmail.com)
  • XX-DOMAIN-PATH-XX – Domain path (e.g. /auth/google/login)
  • XX-PHISHING-LINK-XX – Phishing link which will be embedded into the iFrame (e.g. https://example.com)

Furthermore, if you’re using a Windows template you should update the logo.svg which is the icon of the website you’re masquerading as. The default logo is Microsoft.

Windows-DarkMode-Delay

The Windows-DarkMode-Delay folder makes use of jQuery’s fadeIn() function to add a slight delay to the pop-up window as it appears. This is only one way of making the Window appear in a delayed fashion, there’s various other ways to do the same.

Detecting Color Preference

To get the most out of this you should determine the OS from the user agent and the color preference and display the appropriate template.

To find out if you should use dark or light templates check out: https://stackoverflow.com/questions/50840168/how-to-detect-if-the-os-is-in-dark-mode-in-browsers

Detecting BITB

Dragging the Window

One way of detecting BITB is by attempting to drag the window to the edge of the browser. If the window cannot escape the browser then it’s not a real window.

Browser Extension

@odacavo released a great browser extension that can detect and warn users about embedded iframes. It’s available here: https://github.com/odacavo/enhanced-iframe-protection.

R K

Recent Posts

MQTT Security: Securing IoT Communications

In the rapidly expanding Internet of Things (IoT) ecosystem, billions of devices are constantly exchanging…

2 hours ago

How Do I Do Reverse Image Search

Have you ever come across a picture on the internet and wondered where it came…

7 days ago

WhatsMyName App – Find Anyone Across 640+ Platforms

Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…

3 weeks ago

Analyzing Directory Size Linux Tools Explained

Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…

3 weeks ago

Understanding Disk Usage with du Command

Efficient disk space management is vital in Linux, especially for system administrators who manage servers…

3 weeks ago

How to Check Directory Size in Linux

Knowing how to check directory sizes in Linux is essential for managing disk space and…

3 weeks ago