Browser In The Browser (BITB) Attack demo
This demonstration of a Browser In The Browser Attack is provided by the CyberPeace Institute for educational puropose only. No data are collected in the process.
The demonstration simulates a website asking you to connect with your Google account. The window that opens is a fake one, even if the URL seems correct.
To start the demo, click below on "Sign in with Google"
How to detect it?
If you try to move the popup out of the screen you can see it is staying within the browser windows. This showcase the fact that the login popup is not an independant one as it should be but an emulation in a webpage.
Sign in to your account now
—
□
✕
https://accounts.google.com
/signin/v2/identifier?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&sacu=1&rip=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin