{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T10:45:59Z","timestamp":1773830759820,"version":"3.50.1"},"reference-count":44,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2021,4,17]],"date-time":"2021-04-17T00:00:00Z","timestamp":1618617600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,4,17]],"date-time":"2021-04-17T00:00:00Z","timestamp":1618617600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"Universit\u00e0 del Salento"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2022,4]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p><jats:italic>Man-in-the-Middle<\/jats:italic> (MitM), one of the best known attacks in the world of computer security, is among the greatest concerns for professionals in the field. Main goal of MitM is to compromise confidentiality, integrity and availability of data flowing between source and destination. However, most of its many variants involve difficulties that make it not always possible. The present paper aims at modelling and describing a new method of attack, named <jats:italic>Browser-in-the-Middle<\/jats:italic> (BitM) which, despite the similarities with MitM in the way it controls the data flow between a client and the service it accesses, bypasses some of MitM\u2019s typical shortcomings. It could be started by phishing techniques and in some cases coupled to the well-known <jats:italic>Man-in-the-Browser<\/jats:italic> (MitB) attack. It will be seen how BitM expands the range of the possible attacker\u2019s actions, at the same time making them easier to implement. Among its features, the absence of the need to install malware of any kind on the victim\u2019s machine and the total control it allows the attacker are to be emphasized.<\/jats:p>","DOI":"10.1007\/s10207-021-00548-5","type":"journal-article","created":{"date-parts":[[2021,4,17]],"date-time":"2021-04-17T06:02:53Z","timestamp":1618639373000},"page":"179-189","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":21,"title":["Browser-in-the-Middle (BitM) attack"],"prefix":"10.1007","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2419-7381","authenticated-orcid":false,"given":"Franco","family":"Tommasi","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4038-2317","authenticated-orcid":false,"given":"Christian","family":"Catalano","sequence":"additional","affiliation":[]},{"given":"Ivan","family":"Taurino","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,4,17]]},"reference":[{"issue":"3","key":"548_CR1","doi-asserted-by":"publisher","first-page":"2027","DOI":"10.1109\/COMST.2016.2548426","volume":"18","author":"M Conti","year":"2016","unstructured":"Conti, M., Dragoni, N., Lesyk, V.: A survey of man in the middle attacks. IEEE Commun. Surv. Tutor. 18(3), 2027\u20132051 (2016)","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"2","key":"548_CR2","doi-asserted-by":"publisher","first-page":"77","DOI":"10.5267\/j.ijdns.2019.1.001","volume":"3","author":"A Mallik","year":"2019","unstructured":"Mallik, A., Ahsan, A., Shahadat, M., Tsou, J.: Man-in-the-middle-attack: understanding in simple words. Int. J. Data Netw. Sci. 3(2), 77\u201392 (2019)","journal-title":"Int. J. Data Netw. Sci."},{"issue":"1","key":"548_CR3","doi-asserted-by":"publisher","first-page":"29","DOI":"10.4018\/jaci.2012010103","volume":"4","author":"T Dougan","year":"2012","unstructured":"Dougan, T., Curran, K.: Man in the browser attacks. Int. J. Ambient Comput. Intell. (IJACI) 4(1), 29\u201339 (2012)","journal-title":"Int. J. Ambient Comput. Intell. (IJACI)"},{"issue":"1","key":"548_CR4","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1109\/MSP.2009.12","volume":"7","author":"F Callegati","year":"2009","unstructured":"Callegati, F., Cerroni, W., Ramilli, M.: Man-in-the-middle attack to the HTTPS protocol. IEEE Secur. Priv. 7(1), 78\u201381 (2009)","journal-title":"IEEE Secur. Priv."},{"issue":"1","key":"548_CR5","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/s00779-017-1081-6","volume":"22","author":"DZ Sun","year":"2018","unstructured":"Sun, D.Z., Mu, Y., Susilo, W.: Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5. 0 and its countermeasure. Pers. Ubiquitous Comput. 22(1), 55\u201367 (2018)","journal-title":"Pers. Ubiquitous Comput."},{"key":"548_CR6","doi-asserted-by":"crossref","unstructured":"Rupprecht, D., Kohls, K., Holz, T., P\u00f6pper, C.: Breaking LTE on layer two. In IEEE Symposium on Security and Privacy (SP) (2019)","DOI":"10.1109\/SP.2019.00006"},{"key":"548_CR7","doi-asserted-by":"crossref","unstructured":"Navas, R.E., Le Bouder, H., Cuppens, N., Cuppens, F., Papadopoulos, G.Z.: Do not trust your neighbors! A small IoT platform illustrating a man-in-the-middle attack. In international conference on Ad-Hoc networks and wireless (pp. 120-125). Springer, Cham (2018)","DOI":"10.1007\/978-3-030-00247-3_11"},{"key":"548_CR8","unstructured":"Bui, T., Rao, S.P., Antikainen, M., Bojan, V.M., Aura, T.: Man-in-the-machine: exploiting ill-secured communication inside the computer. In 27th USENIX security symposium (USENIX Security 18) (pp. 1511-1525) (2018)"},{"key":"548_CR9","unstructured":"Ayyagari, K.S.A.: Man in the browser attacks (2017)"},{"key":"548_CR10","doi-asserted-by":"crossref","unstructured":"Rauti, S., Lepp\u00e4nen, V.: Browser extension-based man-in-the-browser attacks against Ajax applications with countermeasures. In proceedings of the 13th international conference on computer systems and technologies (pp. 251-258). ACM (2012)","DOI":"10.1145\/2383276.2383314"},{"issue":"10","key":"548_CR11","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1016\/S1353-4858(15)30090-8","volume":"2015","author":"C Marrison","year":"2015","unstructured":"Marrison, C.: Understanding the threats to DNS and how to secure it. Netw. Secur. 2015(10), 8\u201310 (2015)","journal-title":"Netw. Secur."},{"issue":"4","key":"548_CR12","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1145\/2501654.2501663","volume":"45","author":"J Chang","year":"2013","unstructured":"Chang, J., Venkatasubramanian, K.K., West, A.G., Lee, I.: Analyzing and defending against web-based malware. ACM Comput. Surv. (CSUR) 45(4), 49 (2013)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"548_CR13","first-page":"4","volume":"7","author":"N Provos","year":"2007","unstructured":"Provos, N., McNamee, D., Mavrommatis, P., Wang, K., Modadugu, N.: The ghost in the browser: analysis of web-based malware. HotBots 7, 4 (2007)","journal-title":"HotBots"},{"key":"548_CR14","doi-asserted-by":"crossref","unstructured":"Binsalleeh, H., Ormerod, T., Boukhtouta, A., Sinha, P., Youssef, A., Debbabi, M., Wang, L.: On the analysis of the zeus botnet crimeware toolkit. In 2010 eighth international conference on privacy, security and trust (pp. 31-38). IEEE (2010)","DOI":"10.1109\/PST.2010.5593240"},{"key":"548_CR15","unstructured":"Shields, M.: Trojan virus steals banking info. http:\/\/news.bbc.co.uk\/2\/hi\/technology\/7701227.stm"},{"issue":"3","key":"548_CR16","first-page":"365","volume":"3","author":"AH Al-hamami","year":"2012","unstructured":"Al-hamami, A.H., Najadat, F.A.O., Wahhab, M.S.A.: Web application security of money transfer systems. J. Emerg. Trends Comput. Inf. Sci. 3(3), 365\u2013372 (2012)","journal-title":"J. Emerg. Trends Comput. Inf. Sci."},{"key":"548_CR17","unstructured":"Kalige, E., Burkey, D., Director, I.P.S.: A case study of eurograbber: How 36 million euros was stolen via malware. Versafe (White paper) 35, (2012)"},{"key":"548_CR18","unstructured":"Umawing, J.: Malware Eko affecting French Facebook users. https:\/\/blog.malwarebytes.com\/cybercrime\/2016\/10\/malware-eko-affecting-french-facebook-users\/ (2019)"},{"key":"548_CR19","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.eswa.2018.03.050","volume":"106","author":"KL Chiew","year":"2018","unstructured":"Chiew, K.L., Yong, K.S.C., Tan, C.L.: A survey of phishing attacks: their types, vectors and technical approaches. Exp. Syst. Appl. 106, 1\u201320 (2018)","journal-title":"Exp. Syst. Appl."},{"issue":"1","key":"548_CR20","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1016\/S1361-3723(18)30007-1","volume":"2018","author":"I Vayansky","year":"2018","unstructured":"Vayansky, I., Kumar, S.: Phishing-challenges and solutions. Comput. Fraud Secur. 2018(1), 15\u201320 (2018)","journal-title":"Comput. Fraud Secur."},{"key":"548_CR21","unstructured":"Kinnunen, H.: Windowmanager for *nix Operation Systems http:\/\/fluxbox.org\/"},{"key":"548_CR22","unstructured":"https:\/\/www.chromium.org\/Home"},{"issue":"1","key":"548_CR23","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1109\/4236.656066","volume":"2","author":"T Richardson","year":"1998","unstructured":"Richardson, T., Stafford-Fraser, Q., Wood, K.R., Hopper, A.: Virtual network computing. IEEE Internet Comput. 2(1), 33\u201338 (1998)","journal-title":"IEEE Internet Comput."},{"key":"548_CR24","unstructured":"https:\/\/www.thegeekdiary.com\/linux-os-service-vncserver\/"},{"key":"548_CR25","volume-title":"The rfb protocol","author":"T Richardson","year":"1998","unstructured":"Richardson, T., Wood, K.R.: The rfb protocol. ORL, Cambridge (1998)"},{"key":"548_CR26","unstructured":"noVNC Project. https:\/\/novnc.com\/info.html"},{"key":"548_CR27","unstructured":"https:\/\/tools.ietf.org\/html\/rfc6455"},{"key":"548_CR28","unstructured":"https:\/\/github.com\/novnc\/websockify"},{"key":"548_CR29","unstructured":"https:\/\/github.com\/python-caldav\/caldav\/blob\/master\/tests\/proxy.py"},{"issue":"1","key":"548_CR30","doi-asserted-by":"publisher","first-page":"012008","DOI":"10.1088\/1742-6596\/954\/1\/012008","volume":"954","author":"R Rahim","year":"2018","unstructured":"Rahim, R., Nurdiyanto, H., Abdullah, D., Hartama, D., Napitupulu, D.: Keylogger application to monitoring users activity with exact string matching algorithm. J. Phys. Conf. Series 954(1), 012008 (2018)","journal-title":"J. Phys. Conf. Series"},{"key":"548_CR31","unstructured":"Moshchuk, A., Bragin, T., Deville, D., Gribble, S.D., Levy, H.M.: SpyProxy: Execution-based Detection of Malicious Web Content. In USENIX security symposium (pp. 1-16) (2007)"},{"key":"548_CR32","unstructured":"Wang, J.: Detection and analysis of web-based malware and vulnerability (Doctoral dissertation) (2018)"},{"key":"548_CR33","unstructured":"Alcorn, W.: Beef-the browser exploitation framework project (2013)"},{"key":"548_CR34","unstructured":"Sawant, H., Agaga, S.: Web browser attack using BeEF framework"},{"key":"548_CR35","unstructured":"https:\/\/chrome.google.com\/webstore\/detail\/fea-keylogger\/fgkghpghjcbfcflhoklkcincndlpobja"},{"key":"548_CR36","unstructured":"https:\/\/chrome.google.com\/webstore\/detail\/violentmonkey\/jinjaccalgkegednnccohejagnlnfdag"},{"key":"548_CR37","unstructured":"https:\/\/portswigger.net\/burp"},{"key":"548_CR38","unstructured":"https:\/\/web.telegram.org"},{"key":"548_CR39","unstructured":"Utakrit, N.: Review of browser extensions, a man-in-the-browser phishing techniques targeting bank customers. In proceedings of the 7th Australian information security management conference (2010)"},{"key":"548_CR40","volume-title":"Analyzing Man-in-the-Browser (MITB) Attacks","author":"C Cain","year":"2014","unstructured":"Cain, C.: Analyzing Man-in-the-Browser (MITB) Attacks. SANS Institute, Bethesda (2014)"},{"key":"548_CR41","doi-asserted-by":"publisher","first-page":"402","DOI":"10.1016\/j.cose.2019.07.001","volume":"86","author":"A Ahmad","year":"2019","unstructured":"Ahmad, A., Webb, J., Desouza, K.C., Boorman, J.: Strategically motivated advanced persistent threat: Definition, process, tactics and a disinformation model of counterattack. Comput. Secur. 86, 402\u2013418 (2019)","journal-title":"Comput. Secur."},{"key":"548_CR42","doi-asserted-by":"crossref","unstructured":"Taylor, C., Pasquale, J.: Improving video performance in VNC under high latency conditions. In: 2010 international symposium on collaborative technologies and systems (pp. 26-35). IEEE (2010)","DOI":"10.1109\/CTS.2010.5478527"},{"key":"548_CR43","unstructured":"https:\/\/androidpicks.com\/explain-apk\/"},{"key":"548_CR44","unstructured":"https:\/\/anbox.io\/"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-021-00548-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-021-00548-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-021-00548-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,3,21]],"date-time":"2022-03-21T08:04:59Z","timestamp":1647849899000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-021-00548-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,17]]},"references-count":44,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2022,4]]}},"alternative-id":["548"],"URL":"https:\/\/doi.org\/10.1007\/s10207-021-00548-5","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,4,17]]},"assertion":[{"value":"17 April 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"In this research, we have designed cyber attacks on personal banking websites, Telegram and Google account. These experiments have been performed against the author\u2019s bank accounts. All the experiments were performed by intercepting confidential information belonging exclusively to the authors of the paper. This research does not involve human participants and\/or animals.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Human participants and\/or Animals"}}]}}