Enhanced iFrame Protection (EIP) is a lightweight extension to automatically detect and provide verbose warnings for embedded iframe
elements in order to protect against Browser-In-The-Browser (BITB) attacks.
In the above screenshot, a phishing website has embedded an iframe
element within a div that has been styled to look like an actual browser window (with a fake URL bar claiming to be from accounts.google.com
).
This extension has detected the iframe
and presented a security warning, highlighting the actual phishing domain as (bigphish.ca
).
- Mozilla Firefox
- Google Chrome
- Microsoft Edge
- Opera - Pending review
Pull requests are welcome if you see a way to make this extension more efficient and lightweight. For major changes or feature additions, please open an issue first to discuss what you would like to change.