Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-384:Application API Message Manipulation via Man-in-the-Middle
Attack Pattern ID:384
Version:v3.9
Attack Pattern Name:Application API Message Manipulation via Man-in-the-Middle
Abstraction:Standard
Status:Draft
Likelihood of Attack:
Typical Severity:Low
DetailsContent HistoryRelated WeaknessesReports
▼Description
An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack can allow the attacker to gain unauthorized privileges within the application, or conduct attacks such as phishing, deceptive strategies to spread malware, or traditional web-application attacks. The techniques require use of specialized software that allow the attacker to perform adversary-in-the-middle (CAPEC-94) communications between the web browser and the remote system. Despite the use of AiTH software, the attack is actually directed at the server, as the client is one node in a series of content brokers that pass information along to the application framework. Additionally, it is not true "Adversary-in-the-Middle" attack at the network layer, but an application-layer attack the root cause of which is the master applications trust in the integrity of code supplied by the client.
▼Extended Description
▼Alternate Terms
▼Relationships
NatureTypeIDName
ChildOfM94Adversary in the Middle (AiTM)
ParentOfD385Transaction or Event Tampering via Application API Manipulation
ParentOfD389Content Spoofing Via Application API Manipulation
CanFollowS196Session Credential Falsification through Forging
Nature: ChildOf
Type: Meta
ID: 94
Name: Adversary in the Middle (AiTM)
Nature: ParentOf
Type: Detailed
ID: 385
Name: Transaction or Event Tampering via Application API Manipulation
Nature: ParentOf
Type: Detailed
ID: 389
Name: Content Spoofing Via Application API Manipulation
Nature: CanFollow
Type: Standard
ID: 196
Name: Session Credential Falsification through Forging
▼Execution Flow
▼Prerequisites
Targeted software is utilizing application framework APIs
▼Skills Required
▼Resources Required
A software program that allows a user to man-in-the-middle communications between the client and server, such as a man-in-the-middle proxy.
▼Indicators
▼Consequences
ScopeLikelihoodImpactNote
▼Mitigations
▼Example Instances
▼Related Weaknesses
IDName
CWE-311Missing Encryption of Sensitive Data
CWE-345Insufficient Verification of Data Authenticity
CWE-346Origin Validation Error
CWE-471Modification of Assumed-Immutable Data (MAID)
CWE-602Client-Side Enforcement of Server-Side Security
ID: CWE-311
Name: Missing Encryption of Sensitive Data
ID: CWE-345
Name: Insufficient Verification of Data Authenticity
ID: CWE-346
Name: Origin Validation Error
ID: CWE-471
Name: Modification of Assumed-Immutable Data (MAID)
ID: CWE-602
Name: Client-Side Enforcement of Server-Side Security
▼Taxonomy Mappings
Taxonomy NameEntry IDEntry Name
▼Notes
▼References
Reference ID: REF-327
Title: So Many Ways [...]: Exploiting Facebook and YoVille
Author: Tom Stracener, Sean Barnum
Publication:
Publisher:Defcon 18
Edition:
URL:
URL Date:
Day:N/A
Month:N/A
Year:2010
Details not found