通常称为MitB的Man In The Browser攻击是网络犯罪分子可以使用的最危险的攻击类型之一。此方法使用特洛伊木马(Trojan Horse)或类似恶意软件从网站用户那里获取重要信息,尤其是银行和信用卡信息。它是一段代码,可以更改并添加不同的输入字段到您正在访问的网页。由于URL没有更改,因此您认为该站点需要该信息,您只需填写即可。
浏览器中的人攻击解释
与中间人攻击(Man In The Middle Attack)不同,第三方位于两个端点之间侦听数据包以获取有用信息,MitB 攻击(MitB attack)是关于更改和添加您正在访问的网站的输入字段。特洛伊木马之(Trojan Horse)类的恶意软件位于您的计算机和站点服务器之间。使用该恶意软件,网站会添加不同的输入字段,要求您提供机密信息。
在某些情况下,它不仅仅是一个页面,而是排列的整个网页序列,以便您确定它是真实的。由于它基于读取 IP 地址的恶意软件,因此对于网站管理员来说似乎没问题。如有疑问,请截取屏幕截图并将其发送给网站管理员进行确认。当您的银行网站突然开始要求通过信用卡进行验证时,您可能会产生疑问。
例如,大多数银行网站只需要您的 ID 和PIN ( OTP ) 即可登录。有些可能另外使用密码。但除此之外,例如询问您的信用卡号、PIN 码(PIN)、CSV代码等,应该会在您的脑海中敲响警钟。如果发生这种情况,请立即停止,截屏并将其发送给银行,询问他们是否真的需要这些数据。
请注意,这与普通网络钓鱼不同。网络钓鱼时,他们会向您发送电子邮件,试图诱使您或社会工程人员向他们提供您想要的信息。在 Man in the Browser攻击中,网络犯罪分子使输入字段看起来很真实。它们看起来是真实的,因为即使在受到攻击后URL也是相同的。(URL)有时,他们只是说他们想提高您的安全性,因此您需要向他们提供所需的(额外的、个人的)信息。
MitB是如何实现的
Man In The Browser攻击依靠恶意软件来了解您在Internet上的目的地。然后它为额外的输入字段创建代码并将它们放置在您访问的网站页面上。您可能想知道您的计算机在恶意软件进入的地方是否干净!答案在于浏览器扩展、补丁(假的)和DOM对象。也就是说,浏览器使用某种方法或其他方法被入侵,并且没有被您正在使用的防病毒软件捕获。这就是检测MitB攻击变得复杂的原因。
防止(Protection)浏览器(Browser)中的人(Man)攻击
除了使用最新的操作系统和良好的更新安全软件外,撰写本文时的保护只是常识。你上网(Internet)要小心(be careful)。在现实生活中,您不会轻易向任何人提供信用卡或社会保障信息,那么为什么要在网络世界中这样做呢?在登录或注册时继续寻找所有信息的要求。如果有些事情没有加起来,退出并通知网站管理员。您还可以关闭浏览器并启动新会话以查看是否再次出现相同的字段。
除了上述之外,为了防止Man In The Browser攻击,您还需要检查扩展等。仅使用(Use)知名的扩展程序并尝试使用最少的扩展程序。如果您仍然发现任何可疑之处,请联系该网站的网站管理员。
What is Man In The Browser attack - Prevention and Detection
Commonly called MitB, the Man In The Browser attack is one of the most dangerous types of attacks a cybercriminal can use. This method employs the usage of a Trojan Horse or similar malware to gain important information from users of websites, especially banking and credit card information. It is a piece of a code that alters and adds different input fields to a webpage you are visiting. Since the URL is not changed, you believe that the site needs that information, you simply fill it in.
Man In The Browser attack explained
Unlike Man In The Middle Attack, where a third party is situated between two endpoints listening to packets for useful information, the MitB attack is about altering and adding input fields to the website you are visiting. A malware like a Trojan Horse is situated between your computer and the site server. Using that malware, different input fields are added to the website, asking you for your confidential information.
In some cases, it is not just a page but the entire sequence of webpages arranged so that you are sure it is genuine. Since it is based on the malware reading the IP addresses, it looks okay to webmasters. When in doubt, take a screenshot and send it to the webmasters for confirmation. You may get doubts when suddenly your bank website starts asking verification by means of a credit card.
For example, most bank websites simply require your ID and a PIN (OTP) to log in. Some may use passwords in addition. But anything more than that, like asking you your credit card number, PIN, CSV code, etc, should ring an alarm inside your head. If that happens, stop immediately, take a screenshot and send it to the bank asking if they really want that data.
Note that this is different from normal phishing. When phishing, they send you emails trying to hook or social engineer you into providing them with the information you want. In Man in the Browser attack, the cybercriminal makes the input field look genuine. They look true as the URL is the same even after being compromised. Sometimes, they just say they want to up your security and hence you need to provide them with the required (additional, personal) information.
How is MitB Implemented
Man In The Browser attack relies on malware to know your destination on the Internet. Then it creates code for extra input fields and places them on the website page you visit. You may wonder if your computer is clean where the malware comes in! The answer lies in browser extensions, patches (fake), and DOM objects. That is to say, the browser is compromised using some method or the other and is not caught by the anti-virus you are using. This is what makes it complex to detect MitB attacks.
Protection against Man In The Browser attack
Apart from using an up-to-date OS and good updated security software, the protection at the moment of writing this article is just common sense. You have to be careful on the Internet. You do not provide credit card or social security information to anyone easily in real life so why should you do that in an online world? Keep looking for what all information asks while logging you or at registration. If something does not add up, quit, and inform webmasters. You can also close the browser and start a new session to see if the same fields appear again.
Other than the above, to prevent Man In The Browser attack, you also need to keep extensions, etc, in check. Use only reputed extensions and try to use a minimum of them. If you still find anything fishy, contact the webmasters of the said website.