A Survey on Countermeasures against Man-in-the-browser Attacks

Man-in-the-browser (MitB) attacks can modify the contents of a web page or alter data in messages exchanged over the network without the communicating parties (the user and the web service) noticing anything out of ordinary. In this paper, we present a systematic survey of countermeasures against man-in-the-browser attacks. While no countermeasure seems to be completely foolproof (and still usable) against these attacks, combining a set of solutions and more effectively enforcing them in real-world systems should greatly mitigate this threat in the future.