Browser-in-the-Browser (BitB) Attack Kit
Version: v2.0
Difficulty: Intermediate
Updated: 2025-03-25
Category: Social Engineering

$44.99

Browser-in-the-Browser Attack Kit

Implementation of the BitB attack (mr.d0x) with updated templates:

  • Window Templates — Pixel-perfect replicas of Chrome, Firefox, Edge, and Safari OAuth popup windows for Windows 10/11 and macOS, including proper title bar styling, shadows, and animations.
  • SSO Providers — Pre-built login forms for Google, Microsoft, Apple, Facebook, GitHub, and Twitter OAuth flows with accurate field layouts and branding.
  • Credential Capture — JavaScript-based capture of credentials entered in the fake popup, with real-time exfiltration to an attacker-controlled endpoint via encrypted HTTPS POST.
  • MFA Handling — Supports real-time proxying of MFA challenges: the fake popup shows the real MFA prompt while the attacker relays credentials to the legitimate service.
  • URL Bar Simulation — The fake popup displays a convincing URL bar showing the legitimate domain with a valid HTTPS padlock, exploiting user trust in the popup address bar.
  • Anti-Detection — Randomized CSS class names, dynamic DOM generation, and iframe sandboxing to evade automated phishing detection systems.