S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text]
If you open something in the current window, then you're significantly limited as to how exciting and "System-like" you can make it look, aren't you?
You can't write anything outside the browser window, so you can't sneakily put a window that looks like wallpaper on the desktop, like it's been there all along.
So the idea of a Browser-in-the-Browser attack is that you start with a regular website, and then you create, inside the browser window you've already got, a web page that itself looks exactly like an operating system browser window.
The problem is that with a little bit of careful work, particularly if you've got good CSS skills, you *can* actually make something that's inside an existing browser window look like a browser window of its own.
DUCK. Yes, we've written about this several times on Naked Security so far this year, unfortunately.
The idea is that instead of having to buy a Windows licence, or learn Linux, install Samba, set it up, learn how to do file sharing on your network.