The idea behind a man-in-the-browser attack is that the attacker has access to everything that your browser does, at least for the site you are on. This is usually accomplished by tricking your browser into running malicious JavaScript within the context of the domain you are browsing, but may also be the result of malicious or exploitable plugins. If your browser runs the code that encrypts a key, or uses it to sign something, that means your browser has the unencrypted version of it. In the case of a MITB attack, the attacker has the unencrypted version too. This means it doesn't have to steal the private key after it gets encrypted. It already had it before any encryption.
If your browser has been compromised, nothing you do with it can be considered safe. From a web security standpoint, a MITB attack is about as bad as it gets.
I recently came back from OWASP AppSec USA in Washington, DC, and one of the companies was promoting its product for Application Integrity (client-side RASP), which not only detects and prevents code tampering and debugging but is also able to detect MitB, providing enough details in real time. This approach enables your server to react by blocking the user's session or further HTTP requests. Have a look at their website or drop them a line.
– PauloASilva – 2016-10-18T15:00:04.933