CAPEC-465 Detail

CAPEC-465

Name

Transparent Proxy Abuse

Typical Severity

Medium

Status

Draft

Published

2014-06-23
00h00 +00:00

Modified

2022-09-29
00h00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Notifications manage

List of Notifications

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions CAPEC

A transparent proxy serves as an intermediate between the client and the internet at large. It intercepts all requests originating from the client and forwards them to the correct location. The proxy also intercepts all responses to the client and forwards these to the client. All of this is done in a manner transparent to the client.

Informations CAPEC

Prerequisites

Transparent proxy is usedVulnerable configuration of network topology involving the transparent proxy (e.g., no NAT happening between the client and the proxy)Execution of malicious Flash or Applet in the victim's browser

Skills Required

Creating malicious Flash or Applet to open a cross-domain socket connection to a remote system

Mitigations

Design: Ensure that the transparent proxy uses an actual network layer IP address for routing requests. On the transparent proxy, disable the use of routing based on address information in the HTTP host header.
Configuration: Disable in the browser the execution of Java Script, Flash, SilverLight, etc.

Related Weaknesses

CWE-ID	Weakness Name
CWE-441	Unintended Proxy or Intermediary ('Confused Deputy') The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

References

REF-402

Socket Capable Browser Plugins Result In Transparent Proxy Abuse
Robert Auger.
http://www.thesecuritypractice.com/the_security_practice/TransparentProxyAbuse.pdf

Submission

Name	Organization	Date	Date release
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2015-12-07 +00:00	Updated Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2019-09-30 +00:00	Updated @Abstraction
CAPEC Content Team	The MITRE Corporation	2020-12-17 +00:00	Updated Mitigations
CAPEC Content Team	The MITRE Corporation	2022-02-22 +00:00	Updated Description, Extended_Description
CAPEC Content Team	The MITRE Corporation	2022-09-29 +00:00	Updated Taxonomy_Mappings