Man-in-the-browser Attack: A Case Study on Malicious Browser Extensions
| dc.contributor.author | Sampsa Rauti | |
| dc.contributor.organization | fi=tietojenkäsittelytiede|en=Computer Science| | |
| dc.contributor.organization-code | 1.2.246.10.2458963.20.23479734818 | |
| dc.converis.publication-id | 44603241 | |
| dc.converis.url | https://research.utu.fi/converis/portal/Publication/44603241 | |
| dc.date.accessioned | 2022-10-27T12:22:12Z | |
| dc.date.available | 2022-10-27T12:22:12Z | |
| dc.description.abstract | <p>Man-in-the-browser (MitB) attacks, often implemented as malicious browser extensions, have the ability to alter the structure and contents of web pages, and stealthily change the data given by the user before it is sent to the server. This is done without the user or the online service (the server) noticing anything suspicious. In this study, we present a case study on the man-in-the-browser attack. Our proof-of-concept implementation demonstrates how easily this attack can be implemented as a malicious browser extension. The implementation is a UI-level, cross-browser implementation using JavaScript. We also successfully test the extension in a real online bank. By demonstrating a practical man-in-the-browser attack, our research highlights the need to better monitor and control malicious browser extensions.<br /></p> | |
| dc.format.pagerange | 60 | |
| dc.format.pagerange | 71 | |
| dc.identifier.isbn | 978-981-15-4824-6 | |
| dc.identifier.issn | 1865-0929 | |
| dc.identifier.jour-issn | 1865-0929 | |
| dc.identifier.olddbid | 175044 | |
| dc.identifier.oldhandle | 10024/158138 | |
| dc.identifier.uri | https://www.utupub.fi/handle/11111/35386 | |
| dc.identifier.urn | URN:NBN:fi-fe2021042823400 | |
| dc.language.iso | en | |
| dc.okm.affiliatedauthor | Rauti, Sampsa | |
| dc.okm.discipline | 113 Computer and information sciences | en_GB |
| dc.okm.discipline | 113 Tietojenkäsittely ja informaatiotieteet | fi_FI |
| dc.okm.internationalcopublication | not an international co-publication | |
| dc.okm.internationality | International publication | |
| dc.okm.type | A4 Conference Article | |
| dc.relation.conference | International Symposium on Security in Computing and Communication | |
| dc.relation.doi | 10.1007/978-981-15-4825-3_5 | |
| dc.relation.ispartofjournal | Communications in Computer and Information Science | |
| dc.relation.ispartofseries | Communications in Computer and Information Science | |
| dc.relation.volume | 1208 | |
| dc.source.identifier | https://www.utupub.fi/handle/10024/158138 | |
| dc.title | Man-in-the-browser Attack: A Case Study on Malicious Browser Extensions | |
| dc.title.book | Security in Computing and Communications: 7th International Symposium, SSCC 2019, Trivandrum, India, December 18–21, 2019, Revised Selected Papers | |
| dc.year.issued | 2020 |
Tiedostot
1 - 1 / 1
Ladataan...
- Name:
- MitB_case.pdf
- Size:
- 196.13 KB
- Format:
- Adobe Portable Document Format
- Description:
- Final draft