Browser-in-the-Middle - Evaluation of a modern approach to phishing

Jonas Tzschoppe, Hans Löhr
Published in: Proceedings of the 16th European Workshop on System Security, 2023-05-08. DOI: 10.1145/3578357.3589458 (https://doi.org/10.1145/3578357.3589458)
Citations: 0

Abstract

This paper examines the phishing technique Browser-in-the-Middle and its practical implications in the context of logins protected by multi-factor authentication. We implement and analyze Browser-in-the-Middle (BitM) attacks, evaluate them and discuss suitable measures for mitigation. To facilitate a thorough analysis, we implement two variants of BitM by using two different technology stacks and compare them to a conventional phishing system based on a proxy. To evaluate BitM attacks, we test our implementations on a number of popular websites. Our results show that in practice BitM attacks are currently highly capable of stealing login information protected by more than one factor, since the difficulty to detect such an attack appears to be greater when using BitM than comparable techniques. Therefore, we propose a new entry for BitM in the Common Attack Patterns Enumeration and Classification (CAPEC). The high effectiveness of the attack technique is limited by mitigation methods such as the use of resistant factors for two-sided authentication. We conclude that BitM attacks can potentially be used for highly effective targeted phishing, but they are unlikely to scale well enough for large-scale phishing attacks aiming at a broad variety of users.