Understand what a man-in-the-browser attack is, and use the Browser Exploitation Framework to see it in action.
- [Teacher] Man in the Browser, or MITB, is a form of attack which inserts code inside a user's browser possibly by having them visit a malicious website or clicking on a malicious email attachment. The malware sits inside the browser sniffing or modifying transactions prior to their transmission. But not interfering otherwise with the user's activity. This makes Man in the Browser an extremely difficult attack to detect. There are four common ways to create a Man in the Browser. …
All intents and purposes, the injected page is the original web page and is difficult to detect…
This course teaches you what session hijacking is, and how black-hat hackers use it to attack an organization. Learn how TCP, web, and wireless protocols work and how hackers exploit them. Find out how to use built-in Windows and Linux tools, as well as specialized third-party solutions such as Zed Attack Proxy (ZAP) and Cain, to detect and shore up vulnerabilities. Author and cybersecurity expert Malcolm Shore also discusses remote hijacking, which allows hackers to take control of drones or even vehicles.
Note: This course maps to the Session Hijacking domain of the Certified Ethical Hacking exam. Review the exam objectives at the EC-Council's website.
- Hijacking a network session, such as a Telnet session
- Understanding web sessions
- Intercepting sessions via man-in-the-middle or man-in-the-browser attacks
- Downgrading a session by stripping SSL
- Using ARP poisoning through Subterfuge
- Hijacking an HTTP session through cookies
- Using hijacking defense tools: Zed Attack Proxy and Cain
- Service hijacking (DNS and SSH)
- Hijacking in the physical world: cars and drones