CAPEC-662
Adversary in the Browser (AiTB)
Haute
Stable
2021-06-24
00h00 +00:00
00h00 +00:00
2022-09-29
00h00 +00:00
00h00 +00:00
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Descriptions du CAPEC
An adversary exploits security vulnerabilities or inherent functionalities of a web browser, in order to manipulate traffic between two endpoints.
Informations du CAPEC
Flux d'exécution
1) Experiment
The adversary tricks the victim into installing the Trojan Horse malware onto their system.
Technique
- Conduct phishing attacks, drive-by malware installations, or masquerade malicious browser extensions as being legitimate.
2) Experiment
The adversary inserts themself into the communication channel initially acting as a routing proxy between the two targeted components.
3) Exploit
The adversary observes, filters, or alters passed data of their choosing to gain access to sensitive information or to manipulate the actions of the two target components for their own purposes.
Conditions préalables
The adversary must install or convince a user to install a Trojan.There are two components communicating with each other.
An attacker is able to identify the nature and mechanism of communication between the two target components.
Strong mutual authentication is not used between the two target components yielding opportunity for adversarial interposition.
For browser pivoting, the SeDebugPrivilege and a high-integrity process must both exist to execute this attack.
Compétences requises
Tricking the victim into installing the Trojan is often the most difficult aspect of this attack. Afterwards, the remainder of this attack is fairly trivial.Atténuations
Ensure software and applications are only downloaded from legitimate and reputable sources, in addition to conducting integrity checks on the downloaded component.Leverage anti-malware tools, which can detect Trojan Horse malware.
Use strong, out-of-band mutual authentication to always fully authenticate both ends of any communications channel.
Limit user permissions to prevent browser pivoting.
Ensure browser sessions are regularly terminated and when their effective lifetime ends.
Faiblesses connexes
| Nom de la faiblesse | |
|---|---|
CWE-300 |
Channel Accessible by Non-Endpoint The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. |
CWE-494 |
Download of Code Without Integrity Check The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. |
Références
REF-629
Man-in-the-browser attackhttps://owasp.org/www-community/attacks/Man-in-the-browser_attack
REF-630
Oil and Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ DealLiviu Arsene.
https://labs.bitdefender.com/2020/04/oil-gas-spearphishing-campaigns-drop-agent-tesla-spyware-in-advance-of-historic-opec-deal/
REF-631
Man-in-the-Mobile Attacks Single Out AndroidAmit Klein.
https://securityintelligence.com/man-in-the-mobile-attacks-single-out-android/
REF-632
New 'Boy In The Browser' Attacks On The RiseKelly Jackson Higgins.
https://www.darkreading.com/risk/new-boy-in-the-browser-attacks-on-the-rise/d/d-id/1135247
Soumission
| Nom | Organisation | Date | Date de publication |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |
2025©
tesweb SA
