A Tool for Detecting Man in the Browser (MitB) Attacks using Dynamic Analysis of Web Pages
Detection of browser attacks is considered a serious challenge in today’s web applications. Man in the Browser (MitB) attack is an important type of these attacks that can lead to changes in web page contents, interference in network traffic, session hijacking, and user information theft by using Trojans. In this paper, an efficient tool for real-time detection of MitB attacks through dynamic analysis of web pages based on the description of attack patterns is presented. The advantage of the proposed tool is that it is not limited to identifying one or more specific attacks and the identification method code is not embedded in the tool, but the patterns of different attacks are specified separately. In order to evaluate the presented tool, two vulnerable web services provided by OWASP, which have a wide range of known vulnerabilities, were used along with the BeEF penetration test framework, and a set of MitB attacks were practically implemented and evaluated by the tool. The same tests were performed using three other similar tools and compared with the developed tool. In addition to the superiority of the presented tool in terms of the independence of attack descriptions from the tool itself, the results show that the accuracy and readability of its diagnosis are better than similar tools.
-
CST-SDL: A Scenario Description Language for Collaborative Security Training in Cyber Ranges
Navid Shirmohammadi, *
International Journal of Information Security, Jan 2025 -
Intelligent Automation of Scenario Execution in Cyber Ranges Using Machine Learning Techniques
Farnoosh Karimi, *, Behrouz Shahgholi Ghahfarokhi
Journal Monadi for Cyberspace Security (AFTA),