CAPEC-701

Browser in the Middle (BiTM)
Średni
Wysoki
Draft
2023-01-24
00h00 +00:00
CAPEC Mitre.org
Alert dla konkretnego CAPEC
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CAPEC.
Zarządzaj powiadomieniami

Opisy CAPEC

An adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim's browser to the adversary's system. The adversary must deploy a web client with a remote desktop session that the victim can access.

Informacje CAPEC

Przebieg wykonania

1) Explore

[Identify potential targets] The adversary identifies an application or service that the target is likely to use.

Technika
  • The adversary stands up a server to host the transparent browser and entices victims to use it by using a domain name similar to the legitimate application. In addition to the transparent browser, the adversary could also install a web proxy, sniffer, keylogger, and other tools to assist in their goals.
2) Experiment

[Lure victims] The adversary crafts a phishing campaign to lure unsuspecting victims into using the transparent browser.

Technika
  • An adversary can create a convincing email with a link to download the web client and interact with the transparent browser.
3) Exploit

[Monitor and Manipulate Data] When the victim establishes the connection to the transparent browser, the adversary can view victim activity and make alterations to what the victim sees when browsing the web.

Technika
  • Once a victim has established a connection to the transparent browser, the adversary can use installed tools such as a web proxy, keylogger, or additional malicious browser extensions to gather and manipulate data or impersonate the victim.

Wymagania wstępne

The adversary must create a convincing web client to establish the connection. The victim then needs to be lured onto the adversary's webpage. In addition, the victim's machine must not use local authentication APIs, a hardware token, or a Trusted Platform Module (TPM) to authenticate.

Wymagane umiejętności

(Level : Medium)

Wymagane zasoby

A web application with a client is needed to enable the victim's browser to establish a remote desktop connection to the system of the adversary.

Łagodzenie

Implementation: Use strong, mutual authentication to fully authenticate with both ends of any communications channel

Powiązane słabości

CWE-ID Nazwa słabości

CWE-294

 Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

CWE-345

 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Odniesienia

REF-747

Browser-in-the-Middle (BitM) attack
Tommasi F., Catalano, C., Taurino I..
https://link.springer.com/article/10.1007/s10207-021-00548-5#citeas

Zgłoszenie

Nazwa Organizacja Data Data wydania
Jonas Tzschoppe Nuremberg Institute of Technology 2023-01-24 +00:00
Informacje prezentowane na CVE Find pochodzą z kilku starannie wybranych źródeł referencyjnych. Dane CVE są dostarczane przez MITRE Corporation i Narodową Bazę Podatności (NVD). Katalog znanych eksploatowanych podatności (KEV) pochodzi z Agencji ds. Bezpieczeństwa Cyberprzestrzeni i Infrastruktury (CISA), natomiast wyniki EPSS pochodzą z FIRST.org. Ponadto dane dotyczące słabości oprogramowania (CWE) i typowych wzorców ataków (CAPEC) są utrzymywane przez MITRE Corporation, a informacje o konfiguracjach sprzętu i oprogramowania (CPE) są dostarczane przez NVD.