man in the browser

Man in the browser is a security attack where the perpetrator installs a Trojan horse on a victim's computer that's capable of modifying that user's Web transactions as they occur in real time. According to security expert Philipp Guhring, the technology to launch a man in the browser attack is both high-tech and high priced. Use of the tactic has been limited to financial fraud in most cases, due to the resources required. Both Firefox and Internet Explorer on Windows have been successfully targeted.

Many experienced Web users are aware of phishing scams, in which an unsuspecting user is directed to a fake Web site through a link in an e-mail or some other notification. A man in the browser attack, however, unlike phishing, occurs when the victim has entered the URL into the browser independently, without an external prompt. On the surface, transactions are taking place normally with expected prompts and password requirements.

A man in the browser attack is similar to the man in the middle tactic, in which an attacker intercepts messages in a public key exchange. The attacker then retransmits them, substituting bogus public keys for the requested ones. A man in the browser attack is more difficult to prevent and disinfect, however, because instead of occurring in a public exchange, the activity takes place between the user and the security mechanisms within that user's browser.

This was last updated in August 2006

Continue Reading About man in the browser

Dig Deeper on Threats and vulnerabilities