Home / Threat Intelligence bulletins / Browser in Browser technique makes phishing sites more convincing


A new phishing kit has been published to GitHub which makes it easier to spoof login pages.
The Browser in Browser technique uses HTML and CSS to create a fake URL bar which can trick even careful users.


Phishing sites using this template can create SSO pop-up windows which appear to be legitimate.

Affected Products

The phishing kit has templates for Chrome on Windows and MacOS.
The technique itself could be used in other browsers.

Containment, Mitigations & Remediations

The victim would need to navigate to a malicious phishing site for the pop-up to display.
The usual anti-phishing protections which prevent users from accessing malicious sites are still effective.

Indicators of Compromise

SVG files contained in the phish kit:

Threat Landscape

Phishing is the most common type of cyber-attack and criminals are constantly looking for ways to improve the successfulness of their attacks. This technique does that, while its incorporation into a toolkit places this mechanism of attack easily into the capability and realms of novices.

Mitre Methodologies

T1566.002 – Phishing: Spearphishing Link

Further Information

Browser In The Browser (BITB) Attack

mrd0x/BITB – GitHub