const LessonModule = require('../base/LessonModule');
/**
 * Lesson module for the Browser-in-the-Browser (BitB) phishing demo.
 *
 * The demo places a genuine OAuth popup next to a fake one drawn with
 * HTML/CSS/JavaScript and lists the cues a learner can use to tell them
 * apart. All content is static; the base LessonModule supplies the
 * generic lesson plumbing.
 */
class BrowserInBrowserLesson extends LessonModule {
  /**
   * @param {object} config - Lesson configuration, forwarded unchanged to LessonModule.
   */
  constructor(config) {
    super(config);
  }

  /**
   * Return the interactive payload for a lesson step.
   *
   * Only the 'bitb-demo' step carries interactive data; any other stepId
   * yields null. A new object is built on every call.
   *
   * @param {string} stepId - Identifier of the lesson step being rendered.
   * @returns {{scenarios: object[], testInstructions: string[], realWorldExamples: object[]} | null}
   */
  getInteractiveData(stepId) {
    if (stepId !== 'bitb-demo') {
      return null;
    }

    // A genuine browser popup. Each indicator is a property of native window
    // chrome that page-rendered content cannot reproduce.
    const legitimateScenario = {
      id: 'legitimate',
      title: 'Legitimate OAuth Popup',
      provider: 'Google',
      domain: 'accounts.google.com',
      isReal: true,
      description: 'This simulates how a REAL browser popup would behave',
      indicators: [
        'Can be dragged outside browser window',
        'Has native window controls',
        'Address bar text is not selectable (real browser UI)',
        'Right-click shows browser context menu, not page menu',
        'Appears as separate window in system taskbar',
      ],
    };

    // The BitB decoy. Each indicator is a tell that exposes the "window" as
    // ordinary page content confined to the viewport.
    const attackScenario = {
      id: 'bitb-attack',
      title: 'Browser-in-the-Browser Attack',
      provider: 'Microsoft',
      domain: 'login.microsoftonline.com',
      isReal: false,
      description: 'This is a FAKE popup window created with HTML/CSS/JavaScript',
      indicators: [
        'Cannot be dragged outside the main browser window',
        'Entire window is trapped within the page boundaries',
        'Address bar is just HTML text/image (right-click shows Inspect)',
        'Window controls (minimize, maximize, close) are fake buttons',
        'Does not appear in system taskbar as separate window',
      ],
    };

    // Hands-on checks the learner performs against both popups.
    const testInstructions = [
      'Try to drag each popup window outside the main browser area',
      'Right-click on the address bar to see if you can inspect it as HTML',
      'Look for subtle differences in fonts, spacing, or shadows',
      'Check if the window controls behave like real browser buttons',
      'Notice if the popup can extend beyond the main window boundaries',
    ];

    // Illustrative incidents shown alongside the demo.
    const realWorldExamples = [
      {
        year: 2022,
        target: 'Corporate employees',
        provider: 'Microsoft OAuth',
        description: 'Attackers used BitB to steal enterprise credentials',
      },
      {
        year: 2022,
        target: 'Cryptocurrency users',
        provider: 'Google Sign-in',
        description: 'Fake crypto platforms used BitB for account takeovers',
      },
      {
        year: 2023,
        target: 'GitHub developers',
        provider: 'GitHub OAuth',
        description: 'Malicious sites mimicked GitHub login to steal tokens',
      },
    ];

    return {
      scenarios: [legitimateScenario, attackScenario],
      testInstructions,
      realWorldExamples,
    };
  }

  /**
   * Validate a learner's answer to a BitB question.
   *
   * This lesson defines no question types of its own, so validation is
   * delegated entirely to LessonModule.
   *
   * @param {string} questionId - Identifier of the question being answered.
   * @param {*} answer - The learner's submitted answer.
   * @returns {Promise<*>} Whatever the base class validation resolves to.
   */
  async validateAnswer(questionId, answer) {
    return super.validateAnswer(questionId, answer);
  }
}
module.exports = BrowserInBrowserLesson;