CAPEC-701

Browser in the Middle (BiTM)
Likelihood of Attack: MEDIUM
Typical Severity: HIGH
Status: Draft
2023-01-24 00:00 +00:00


Description

An adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim's browser to the adversary's system. The adversary must deploy a web client with a remote desktop session that the victim can access.

Information

Execution Flow

1) Explore

[Identify potential targets] The adversary identifies an application or service that the target is likely to use.

Technique
  • The adversary stands up a server to host the transparent browser and entices victims to use it by using a domain name similar to the legitimate application. In addition to the transparent browser, the adversary could also install a web proxy, sniffer, keylogger, and other tools to assist in their goals.

2) Experiment

[Lure victims] The adversary crafts a phishing campaign to lure unsuspecting victims into using the transparent browser.

Technique
  • An adversary can create a convincing email with a link to download the web client and interact with the transparent browser.

3) Exploit

[Monitor and Manipulate Data] When the victim establishes the connection to the transparent browser, the adversary can view victim activity and make alterations to what the victim sees when browsing the web.

Technique
  • Once a victim has established a connection to the transparent browser, the adversary can use installed tools such as a web proxy, keylogger, or additional malicious browser extensions to gather and manipulate data or impersonate the victim.

Prerequisites

The adversary must create a convincing web client to establish the connection. The victim then needs to be lured onto the adversary's webpage. In addition, the victim's machine must not use local authentication APIs, a hardware token, or a Trusted Platform Module (TPM) to authenticate.

Skills Required

Level: Medium

Resources Required

A web application with a client is needed to enable the victim's browser to establish a remote desktop connection to the system of the adversary.

Mitigations

Implementation: Use strong, mutual authentication to fully authenticate both ends of any communications channel.

Related Weaknesses

CWE-ID Weakness Name
CWE-294 Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References

REF-747

Browser-in-the-Middle (BitM) attack
Tommasi F., Catalano C., Taurino I.
https://link.springer.com/article/10.1007/s10207-021-00548-5#citeas

Submission

Name: Jonas Tzschoppe
Organization: Nuremberg Institute of Technology
Date: 2023-01-24 +00:00