From the course: Ethical Hacking: Session Hijacking


Hijacking sessions using man-in-the-browser


- [Teacher] Man in the Browser, or MITB, is a form of attack which inserts code inside a user's browser, possibly by having them visit a malicious website or click on a malicious email attachment. The malware sits inside the browser, sniffing or modifying transactions prior to their transmission, but not interfering otherwise with the user's activity. This makes Man in the Browser an extremely difficult attack to detect. There are four common ways to create a Man in the Browser: using browser helper objects, which are dynamically loaded libraries in Internet Explorer; using extensions, which are the equivalent of browser helper objects for Firefox; using API hooking, a technique which uses the Windows operating system to route messages through the malware; and using malicious JavaScript. Man in the Browser malware seamlessly integrates into the web application look and feel and retains the original URL and SSL protections. For all intents and purposes, the injected page is the original…
