A4 Refereed article in a conference publication
Browser extension-based man-in-the-browser attacks against Ajax applications with countermeasures
Authors: Sampsa Rauti, Ville Leppänen
Editors: Boris Rachev, Angel Smrikarov
Conference name: International Conference on Computer Systems and Technologies
Publishing place: New York, NY
Publication year: 2012
Book title: CompSysTech '12: Proceedings of the 13th International Conference on Computer Systems and Technologies
First page: 251
Last page: 258
ISBN: 978-1-4503-1193-9
DOI: https://doi.org/10.1145/2383276.2383314
Self-archived copy’s web address: https://research.utu.fi/converis/portal/detail/Publication/3091546
As the web pages today rely on Ajax and JavaScript, a larger attack surface becomes available. This paper presents in detail several different man-in-the-browser attacks against Ajax applications. We implemented browser extensions for Mozilla Firefox to demonstrate these attacks and their effectiveness. Some countermeasures to mitigate the problem are also considered. We conclude that man-in-the-browser attacks are a serious threat to online applications and there are only partial countermeasures to alleviate the problem.
Downloadable publication: This is an electronic reprint of the original article.