Meow's CyberAttack - Application/Server Attacks - Hijacking - Man-in-the-Browser Attacks

book: S+ 7th ch9



Man-in-the-Browser (MITB, MitB, MIB, MiB)

  • a type of man-in-the-middle attack

  • a proxy Trojan horse

  • infects vulnerable web browsers.

  • can capture browser session data, including keystrokes (via keylogging) and all data sent to and from the web browser.

  • manipulates calls between the browser and its security mechanisms, sniffing or modifying transactions as they are formed in the browser while still displaying the user’s intended transaction back to them.

Example:

  • Zeus:
    • a Trojan horse that has used man-in-the-browser techniques after infecting systems.

    • Zeus includes keystroke logging and form grabbing.

    • Once the attackers collect logon information for a user’s bank, they use it to log on and transfer money to offshore accounts.

This post is licensed under CC BY 4.0 by the author.
