DOI: 10.1145/3578357.3589458
research-article

Browser-in-the-Middle - Evaluation of a modern approach to phishing

Published: 08 May 2023

Abstract

This paper examines the phishing technique Browser-in-the-Middle (BitM) and its practical implications in the context of logins protected by multi-factor authentication. We implement and analyze BitM attacks, evaluate them and discuss suitable measures for mitigation. To facilitate a thorough analysis, we implement two variants of BitM using two different technology stacks and compare them to a conventional phishing system based on a proxy. To evaluate BitM attacks, we test our implementations on a number of popular websites. Our results show that in practice BitM attacks are currently highly capable of stealing login information protected by more than one factor, since such an attack appears to be harder to detect with BitM than with comparable techniques. Therefore, we propose a new entry for BitM in the Common Attack Patterns Enumeration and Classification (CAPEC). The high effectiveness of the attack technique is limited by mitigation methods such as the use of resistant factors for two-sided authentication. We conclude that BitM attacks can potentially be used for highly effective targeted phishing, but they are unlikely to scale well enough for large-scale phishing attacks aimed at a broad variety of users.

Cited By

  • (2024) Phishing Detection in Browser-in-the-Middle: A Novel Empirical Approach Incorporating Machine Learning Algorithms. Advanced Network Technologies and Intelligent Computing, 123-134. DOI: 10.1007/978-3-031-64067-4_9. Online publication date: 8-Aug-2024
  • (2024) Browser-in-the-middle attacks: A comprehensive analysis and countermeasures. SECURITY AND PRIVACY. DOI: 10.1002/spy2.410. Online publication date: 28-May-2024

Published In

EUROSEC '23: Proceedings of the 16th European Workshop on System Security
May 2023
56 pages
ISBN:9798400700859
DOI:10.1145/3578357

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. web security
  2. phishing
  3. MFA
  4. browser-in-the-middle attacks
  5. BitM

Qualifiers

  • Research-article

Conference

EUROSEC '23

Acceptance Rates

Overall Acceptance Rate 47 of 113 submissions, 42%
