A4 Vertaisarvioitu artikkeli konferenssijulkaisussa
Man-in-the-browser Attack: A Case Study on Malicious Browser Extensions
Tekijät: Sampsa Rauti
Toimittaja: Sabu M. Thampi, Gregorio Martinez Perez, Ryan Ko, Danda B. Rawat
Konferenssin vakiintunut nimi: International Symposium on Security in Computing and Communication
Julkaisuvuosi: 2020
Journal: Communications in Computer and Information Science
Kokoomateoksen nimi: Security in Computing and Communications: 7th International Symposium, SSCC 2019, Trivandrum, India, December 18–21, 2019, Revised Selected Papers
Sarjan nimi: Communications in Computer and Information Science
Vuosikerta: 1208
Aloitussivu: 60
Lopetussivu: 71
ISBN: 978-981-15-4824-6
ISSN: 1865-0929
DOI: https://doi.org/10.1007/978-981-15-4825-3_5
Rinnakkaistallenteen osoite: https://research.utu.fi/converis/portal/detail/Publication/44603241
Man-in-the-browser (MitB) attacks, often implemented as malicious browser extensions, have the ability to alter the structure and contents of web pages, and stealthily change the data given by the user before it is sent to the server. This is done without the user or the online service (the server) noticing anything suspicious. In this study, we present a case study on the man-in-the-browser attack. Our proof-of-concept implementation demonstrates how easily this attack can be implemented as a malicious browser extension. The implementation is a UI-level, cross-browser implementation using JavaScript. We also successfully test the extension in a real online bank. By demonstrating a practical man-in-the-browser attack, our research highlights the need to better monitor and control malicious browser extensions.
Ladattava julkaisu This is an electronic reprint of the original article. |  |
