CAPEC-157

Sniffing Attacks
Moyen
Draft
2014-06-23
00h00 +00:00
2022-02-22
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Gestion des notifications

Descriptions du CAPEC

In this attack pattern, the adversary intercepts information transmitted between two third parties. The adversary must be able to observe, read, and/or hear the communication traffic, but not necessarily block the communication or change its content. Any transmission medium can theoretically be sniffed if the adversary can examine the contents between the sender and recipient. Sniffing Attacks are similar to Adversary-In-The-Middle attacks (CAPEC-94), but are entirely passive. AiTM attacks are predominantly active and often alter the content of the communications themselves.

Informations du CAPEC

Flux d'exécution

1) Explore

[Determine Communication Mechanism] The adversary determines the nature and mechanism of communication between two components, looking for opportunities to exploit.

Technique
  • Look for application documentation that might describe a communication mechanism used by a target.
2) Experiment

[Position In Between Targets] The adversary positions themselves somewhere in the middle of the two components. If the communication is encrypted, the adversary will need to act as a proxy and route traffic between the components, exploiting a flaw in the encryption mechanism. Otherwise, the adversary can just observe the communication at either end.

Technique
  • Use Wireshark or some other packet capturing tool to capture traffic on a network.
  • Install spyware on a client that will intercept outgoing packets and route them to their destination as well as route incoming packets back to the client.
  • Exploit a weakness in an encrypted communication mechanism to gain access to traffic. Look for outdated mechanisms such as SSL.
3) Exploit

[Listen to Communication] The adversary observes communication, but does not alter or block it. The adversary gains access to sensitive information and can potentially utilize this information in a malicious way.

Conditions préalables

The target data stream must be transmitted on a medium to which the adversary has access.

Ressources nécessaires

The adversary must be able to intercept the transmissions containing the data of interest. Depending on the medium of transmission and the path the data takes between the sender and recipient, the adversary may require special equipment and/or require that this equipment be placed in specific locations (e.g., a network sniffing tool)

Atténuations

Encrypt sensitive information when transmitted on insecure mediums to prevent interception.

Faiblesses connexes

CWE-ID Nom de la faiblesse

CWE-311

 Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.

Soumission

Nom Organisation Date Date de publication
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Nom Organisation Date Commentaire
CAPEC Content Team The MITRE Corporation 2015-12-07 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Resources_Required, Solutions_and_Mitigations
CAPEC Content Team The MITRE Corporation 2019-09-30 +00:00 Updated Description
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Description
CAPEC Content Team The MITRE Corporation 2022-02-22 +00:00 Updated Execution_Flow