Browser-in-the-Browser (BitB) Attack Kit
$44.99
Implementation of the BitB attack (mr.d0x) with updated templates:
- Window Templates — Pixel-perfect replicas of Chrome, Firefox, Edge, and Safari OAuth popup windows for Windows 10/11 and macOS, including proper title bar styling, shadows, and animations.
- SSO Providers — Pre-built login forms for Google, Microsoft, Apple, Facebook, GitHub, and Twitter OAuth flows with accurate field layouts and branding.
- Credential Capture — JavaScript-based capture of credentials entered in the fake popup, with real-time exfiltration to an attacker-controlled endpoint via encrypted HTTPS POST.
- MFA Handling — Supports real-time proxying of MFA challenges: the fake popup shows the real MFA prompt while the attacker relays credentials to the legitimate service.
- URL Bar Simulation — The fake popup displays a convincing URL bar showing the legitimate domain with a valid HTTPS padlock, exploiting user trust in the popup address bar.
- Anti-Detection — Randomized CSS class names, dynamic DOM generation, and iframe sandboxing to evade automated phishing detection systems.