{"id":31937,"date":"2024-02-05T10:31:28","date_gmt":"2024-02-05T10:31:28","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=31937"},"modified":"2024-02-05T10:33:35","modified_gmt":"2024-02-05T10:33:35","slug":"frameless-bitb","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/frameless-bitb\/","title":{"rendered":"Frameless BITB &#8211; A New Approach To Phishing Attacks"},"content":{"rendered":"\n<p>A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft.<\/p>\n\n\n\n<p>This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet.<\/p>\n\n\n\n<p>Before diving deep into this, I recommend that you first check my talk at BSides 2023, where I first introduced this concept along with important details on how to craft the &#8220;perfect&#8221; phishing attack.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/waelmas\/frameless-bitb#video-tutorial\"><strong>Video Tutorial:&nbsp;<\/strong><\/a><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/waelmas\/frameless-bitb#disclaimer\"><\/a><strong>Disclaimer<\/strong><\/h3>\n\n\n\n<p>This tool is for educational and research purposes only. It demonstrates a non-iframe based Browser In The Browser (BITB) method. <\/p>\n\n\n\n<p>The author is not responsible for any misuse. Use this tool only legally and ethically, in controlled environments for cybersecurity defense testing. 
By using this tool, you agree to do so responsibly and at your own risk.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/waelmas\/frameless-bitb#backstory---the-why\"><\/a><strong>Backstory &#8211; The Why<\/strong><\/h2>\n\n\n\n<p>Over the past year, I&#8217;ve been experimenting with different tricks to craft the &#8220;perfect&#8221; phishing attack. The typical &#8220;red flags&#8221; people are trained to look for are things like urgency, threats, authority, poor grammar, etc. <\/p>\n\n\n\n<p>The next best thing people nowadays check is the link\/URL of the website they are interacting with, and they tend to get very cautious the moment they are asked to enter sensitive credentials like emails and passwords.<\/p>\n\n\n\n<p>That&#8217;s where Browser In The Browser (BITB) came into play. Originally introduced by @mrd0x, BITB is a concept of creating the appearance of a believable browser window inside of which the attacker controls the content (by serving the malicious website inside an iframe). <\/p>\n\n\n\n<p>However, the fake URL bar of the fake browser window is set to the legitimate site the user would expect. This, combined with a tool like Evilginx, becomes the perfect recipe for a believable phishing attack.<\/p>\n\n\n\n<p>The problem is that over the past months\/years, major websites like Microsoft have implemented various little tricks called &#8220;framebusters\/framekillers&#8221;, which mainly attempt to break iframes that might be used to serve the proxied website, as in the case of Evilginx.<\/p>\n\n\n\n<p>In short, Evilginx + BITB for websites like Microsoft no longer works. At least not with a BITB that relies on iframes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/waelmas\/frameless-bitb#the-what\"><\/a><strong>The What<\/strong><\/h2>\n\n\n\n<p>A Browser In The Browser (BITB) without any iframes! 
As simple as that.<\/p>\n\n\n\n<p>Meaning that we can now use BITB with Evilginx on websites like Microsoft.<\/p>\n\n\n\n<p>Evilginx here is just a strong example, but the same concept can be used for other use-cases as well.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/waelmas\/frameless-bitb#the-how\"><\/a><strong>The How<\/strong><\/h2>\n\n\n\n<p>Framebusters target iframes specifically, so the idea is to create the BITB effect without the use of iframes, and without disrupting the original structure\/content of the proxied page. <\/p>\n\n\n\n<p>This can be achieved by injecting scripts and HTML alongside the original content using search and replace (aka substitutions), then relying completely on HTML\/CSS\/JS tricks to make the visual effect. <\/p>\n\n\n\n<p>We also use an additional trick called &#8220;Shadow DOM&#8221; in HTML to place the content of the landing page (background) in such a way that it does not interfere with the proxied content, allowing us to flexibly use any landing page with minor additional JS scripts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/waelmas\/frameless-bitb#instructions\"><\/a><strong>Instructions<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Local VM:<\/strong><\/h3>\n\n\n\n<p>Create a local Linux VM. (I personally use Ubuntu 22 on VMware Player or Parallels Desktop)<\/p>\n\n\n\n<p>Update and upgrade system packages:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update &amp;&amp; sudo apt upgrade -y<\/code><\/pre>\n\n\n\n<p>For more information click <a href=\"https:\/\/github.com\/waelmas\/frameless-bitb\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft. 
This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet. Before diving deep into this, I recommend that you first check my [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":31941,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgrIkx5iB5QHFPz9iC-AvFCu3HugQjUE_OrByj3V3oU7OPPIAvcoJSbAO73UEsxsJbBpc9-0Rcf7Ie49xWRPhMNTE8BrhaQQqNLo4JwBQyDyyMG3JF7X-xm-uKHJIlHH58XUC1OIb3PTudUXX4kpfgkxgaS0rMULmNZ3zZ0BBY6JpBBZbFdv2nMunzMR0fi\/s16000\/Untitled%20design%20(16).webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20],"tags":[737,6537,6321,6052,6325],"class_list":["post-31937","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cybersecurity","tag-frameless-bitb","tag-informationsecurity","tag-kalilinux","tag-kalilinuxtools"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Frameless BITB - A New Approach To Phishing Attacks<\/title>\n<meta name=\"description\" content=\"A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/frameless-bitb\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Frameless BITB - A New Approach To Phishing Attacks\" \/>\n<meta property=\"og:description\" content=\"A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters 
implemented by\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/frameless-bitb\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-05T10:31:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-05T10:33:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgrIkx5iB5QHFPz9iC-AvFCu3HugQjUE_OrByj3V3oU7OPPIAvcoJSbAO73UEsxsJbBpc9-0Rcf7Ie49xWRPhMNTE8BrhaQQqNLo4JwBQyDyyMG3JF7X-xm-uKHJIlHH58XUC1OIb3PTudUXX4kpfgkxgaS0rMULmNZ3zZ0BBY6JpBBZbFdv2nMunzMR0fi\/s16000\/Untitled%20design%20(16).webp\" \/>\n<meta name=\"author\" content=\"Varshini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgrIkx5iB5QHFPz9iC-AvFCu3HugQjUE_OrByj3V3oU7OPPIAvcoJSbAO73UEsxsJbBpc9-0Rcf7Ie49xWRPhMNTE8BrhaQQqNLo4JwBQyDyyMG3JF7X-xm-uKHJIlHH58XUC1OIb3PTudUXX4kpfgkxgaS0rMULmNZ3zZ0BBY6JpBBZbFdv2nMunzMR0fi\/s16000\/Untitled%20design%20(16).webp\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Varshini\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/frameless-bitb\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/frameless-bitb\/\"},\"author\":{\"name\":\"Varshini\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\"},\"headline\":\"Frameless BITB &#8211; A New Approach To Phishing Attacks\",\"datePublished\":\"2024-02-05T10:31:28+00:00\",\"dateModified\":\"2024-02-05T10:33:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/frameless-bitb\/\"},\"wordCount\":556,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/frameless-bitb\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgrIkx5iB5QHFPz9iC-AvFCu3HugQjUE_OrByj3V3oU7OPPIAvcoJSbAO73UEsxsJbBpc9-0Rcf7Ie49xWRPhMNTE8BrhaQQqNLo4JwBQyDyyMG3JF7X-xm-uKHJIlHH58XUC1OIb3PTudUXX4kpfgkxgaS0rMULmNZ3zZ0BBY6JpBBZbFdv2nMunzMR0fi\/s16000\/Untitled%20design%20(16).webp\",\"keywords\":[\"cybersecurity\",\"Frameless BITB\",\"informationsecurity\",\"kalilinux\",\"kalilinuxtools\"],\"articleSection\":[\"Cyber security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/frameless-bitb\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/frameless-bitb\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/frameless-bitb\/\",\"name\":\"Frameless BITB - A New Approach To Phishing 
Attacks\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/frameless-bitb\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/frameless-bitb\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgrIkx5iB5QHFPz9iC-AvFCu3HugQjUE_OrByj3V3oU7OPPIAvcoJSbAO73UEsxsJbBpc9-0Rcf7Ie49xWRPhMNTE8BrhaQQqNLo4JwBQyDyyMG3JF7X-xm-uKHJIlHH58XUC1OIb3PTudUXX4kpfgkxgaS0rMULmNZ3zZ0BBY6JpBBZbFdv2nMunzMR0fi\/s16000\/Untitled%20design%20(16).webp\",\"datePublished\":\"2024-02-05T10:31:28+00:00\",\"dateModified\":\"2024-02-05T10:33:35+00:00\",\"description\":\"A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/frameless-bitb\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/frameless-bitb\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgrIkx5iB5QHFPz9iC-AvFCu3HugQjUE_OrByj3V3oU7OPPIAvcoJSbAO73UEsxsJbBpc9-0Rcf7Ie49xWRPhMNTE8BrhaQQqNLo4JwBQyDyyMG3JF7X-xm-uKHJIlHH58XUC1OIb3PTudUXX4kpfgkxgaS0rMULmNZ3zZ0BBY6JpBBZbFdv2nMunzMR0fi\/s16000\/Untitled%20design%20(16).webp\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgrIkx5iB5QHFPz9iC-AvFCu3HugQjUE_OrByj3V3oU7OPPIAvcoJSbAO73UEsxsJbBpc9-0Rcf7Ie49xWRPhMNTE8BrhaQQqNLo4JwBQyDyyMG3JF7X-xm-uKHJIlHH58XUC1OIb3PTudUXX4kpfgkxgaS0rMULmNZ3zZ0BBY6JpBBZbFdv2nMunzMR0fi\/s16000\/Untitled%20design%20(16).webp\",\"width\":\"1600\",\"height\":\"900\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux 
Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\",\"name\":\"Varshini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"caption\":\"Varshini\"},\"description\":\"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. 
Passionate about staying ahead of emerging Threats and Technologies.\",\"sameAs\":[\"http:\/\/kalilinuxtutorials.com\",\"https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/\"],\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}