The BITB project offers a collection of browser window templates designed for "Browser In The Browser" (BITB) phishing attacks. The technique draws a fake pop-up browser window, complete with title bar and address bar, in HTML/CSS inside the legitimate browser's page area, and loads a look-alike login page in an iframe within it, so the victim believes they are signing in to a trusted site through a genuine pop-up.
Key Features:
- Variety of Templates: Includes templates for different operating systems and browser modes (e.g., MacOS-Chrome-DarkMode, Windows-Chrome-LightMode).
- Customizable Variables: Each template's `index.html` exposes variables for the page title, the masqueraded domain name, the domain path, and the actual phishing link loaded in the embedded iframe.
- Windows-DarkMode-Delay: A template demonstrating a delayed pop-up window, shown with jQuery's `fadeIn()` function, to make the appearance more realistic.
- OS and Color Preference Detection Guidance: Provides resources on how to detect the user's operating system and color preference (dark/light mode) so the most convincing template can be served.
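The template selection and customization the Key Features describe, as an added example (this is not code from the BITB repository): it maps the victim's OS and colour-scheme preference to a template directory name that follows the repository's naming scheme, and assembles the values a template's `index.html` leaves for the operator to set. The config field names and the sample User-Agent strings are this example's own assumptions.

```javascript
// Added example, not part of the BITB project. Chooses a template from the
// victim's OS and colour-scheme preference and fills in the customisable
// values (title, masqueraded domain, path, real iframe target).

// OS label as used in the template directory names (Windows-..., MacOS-...).
function detectOS(userAgent) {
  if (/Windows NT/.test(userAgent)) return "Windows";
  if (/Macintosh|Mac OS X/.test(userAgent)) return "MacOS";
  return null; // no template family for this OS
}

// prefersDark is window.matchMedia("(prefers-color-scheme: dark)").matches
// in a browser; passed in here so the logic is testable without a DOM.
function pickTemplate(userAgent, prefersDark) {
  const os = detectOS(userAgent);
  if (os === null) return null;
  return `${os}-Chrome-${prefersDark ? "DarkMode" : "LightMode"}`;
}

// Text shown in the fake address bar: built from the masqueraded domain and
// path, never from the iframe's real target.
function fakeAddressBar(domain, path) {
  const cleanPath = path.startsWith("/") ? path : "/" + path;
  return `https://${domain}${cleanPath}`;
}

// Gather everything a template needs in one object (field names assumed).
function buildConfig({ title, domain, path, phishLink }, userAgent, prefersDark) {
  return {
    template: pickTemplate(userAgent, prefersDark),
    title,
    addressBar: fakeAddressBar(domain, path),
    iframeSrc: phishLink, // what the embedded iframe actually loads
  };
}

// Browser entry point: same selection driven by the live environment.
// Guarded so the file also loads outside a browser (e.g. under Node).
function selectForCurrentBrowser() {
  if (typeof navigator === "undefined" || typeof window === "undefined") return null;
  const dark = window.matchMedia("(prefers-color-scheme: dark)").matches;
  return pickTemplate(navigator.userAgent, dark);
}

// Constructed sample inputs (not captured from any real client).
const SAMPLE_UA_WIN =
  "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36";
const SAMPLE_UA_MAC =
  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36";
const SAMPLE_UA_LINUX = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36";

const SAMPLE_CONFIG = buildConfig(
  { title: "Sign in", domain: "accounts.example.com", path: "signin", phishLink: "https://attacker.example/login" },
  SAMPLE_UA_WIN,
  true
);
console.log(SAMPLE_CONFIG);
```

The split between `pickTemplate` and `selectForCurrentBrowser` is deliberate: the pure function takes the User-Agent and the dark-mode flag as arguments, so the same mapping can be checked offline for every OS/mode pair before the templates are deployed on an engagement.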
Use Cases:
- Social Engineering Engagements: Red team operators and penetration testers can use these templates to conduct realistic phishing simulations.
- Security Awareness Training: Organizations can demonstrate the sophistication of phishing attacks to employees, improving their ability to identify and report such threats.
Detection Methods Highlighted:
- Window Dragging: A key indicator of a BITB attack is that the fake browser window cannot be dragged outside the boundaries of the legitimate browser window; a genuine pop-up can be moved past the edge of its parent window, whereas the fake one is clipped at the page's viewport.
- Browser Extensions: Mentions a browser extension by @odacavo (`enhanced-iframe-protection`) designed to detect and warn users about embedded iframes, which are central to BITB attacks.
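The iframe-based detection mentioned under Detection Methods, as an added example (this is not the `enhanced-iframe-protection` extension's code): the kind of check a content script can run to surface iframes that could be hosting a BITB login form. It flags an iframe when it loads content from another origin or when it covers a large share of the viewport, since a BITB pop-up may point at the attacker's own origin. The 20% coverage threshold, the reason labels and the sample page are this example's assumptions.

```javascript
// Added example, not the extension's code. Flags iframes that look like a
// BITB pop-up: cross-origin content or a frame covering much of the viewport.

// Does the iframe load content from an origin other than the page's?
function isCrossOrigin(pageOrigin, src) {
  if (!src) return false; // srcdoc / about:blank frames inherit the page origin
  const target = new URL(src, pageOrigin); // also resolves relative URLs
  return target.origin !== new URL(pageOrigin).origin;
}

// frames: [{ src, width, height }] in CSS px; viewport: { width, height }.
// Returns one assessment per frame; warn is true when any reason applies.
function assessIframes(pageOrigin, frames, viewport, coverageThreshold = 0.2) {
  const viewportArea = viewport.width * viewport.height;
  return frames.map((f) => {
    const coverage = (f.width * f.height) / viewportArea;
    const crossOrigin = isCrossOrigin(pageOrigin, f.src);
    const reasons = [];
    if (crossOrigin) reasons.push("cross-origin");
    if (coverage >= coverageThreshold) reasons.push("large"); // assumed threshold
    return {
      src: f.src || "(inline)",
      crossOrigin,
      coverage: Number(coverage.toFixed(3)),
      warn: reasons.length > 0,
      reasons,
    };
  });
}

// Browser entry point for a content script: collect the live iframes with
// their rendered size and run the assessment against the current page.
function scanDocument() {
  if (typeof document === "undefined") return [];
  const frames = Array.from(document.querySelectorAll("iframe")).map((el) => {
    const r = el.getBoundingClientRect();
    return { src: el.getAttribute("src") || "", width: r.width, height: r.height };
  });
  return assessIframes(location.origin, frames, { width: innerWidth, height: innerHeight });
}

// Constructed sample: a landing page that embeds a phishing login page in a
// window-sized iframe, a small same-origin widget, and a full-page inline frame.
const SAMPLE_PAGE_ORIGIN = "https://landing.example";
const SAMPLE_FRAMES = [
  { src: "https://phish.example/login", width: 500, height: 600 },
  { src: "/widget.html", width: 100, height: 50 },
  { src: "", width: 1280, height: 720 },
];
const SAMPLE_VIEWPORT = { width: 1280, height: 720 };

const SAMPLE_FINDINGS = assessIframes(SAMPLE_PAGE_ORIGIN, SAMPLE_FRAMES, SAMPLE_VIEWPORT);
for (const finding of SAMPLE_FINDINGS) {
  if (finding.warn) console.log(`warn: ${finding.src} [${finding.reasons.join(", ")}]`);
}
```

A cross-origin check alone is not enough for BITB, because the fake window and the phishing page are often served from the same attacker-controlled origin; the size heuristic is what catches that case, at the cost of also flagging large legitimate embeds, which is why the result carries the reasons rather than a bare verdict.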
Disclaimer: The project explicitly states that usage for attacking targets without prior consent is illegal and emphasizes the end user's responsibility to obey all applicable laws.