CAPEC-207: Removing Important Client Functionality
CAPEC Version: 3.9
Last Updated: 2023-01-24
Attack Pattern Description
An adversary removes or disables functionality on the client that the server assumes to be present and trustworthy.
Execution Flow
Step 1: Explore
[Probing] The adversary probes, through brute-forcing, reverse-engineering or other similar means, the functionality on the client that the server assumes to be present and trustworthy.
- The adversary probes by exploring an application's functionality and its underlying mapping to server-side components.
- The adversary reverse engineers client-side code to identify the functionality that the server relies on for proper or secure operation.
Step 2: Experiment
[Determine which functionality to disable or remove] The adversary tries to determine which functionality to disable or remove through reverse-engineering from the list of functionality identified in the Explore phase.
- The adversary reverse engineers the client-side code to determine which functionality to disable or remove.
Step 3: Exploit
[Disable or remove the critical functionality from the client code] Once the functionality has been determined, the adversary disables or removes the critical functionality from the client code to perform malicious actions that the server believes are prohibited.
- The adversary disables or removes the functionality from the client-side code to perform malicious actions, such as sending dangerous content (such as scripts) to the server.
Prerequisites
- The targeted server must assume the client performs important actions to protect the server or the server functionality. For example, the server may assume the client filters outbound traffic or that the client performs all price calculations correctly. Moreover, the server must fail to detect when these assumptions are violated by a client.
Skills Required
Resources Required
- The adversary must have access to a client and be able to modify the client behavior, often through reverse engineering. If the server is assuming specific client functionality, this usually means the server only recognizes a specific client application, rather than a broad class of client applications. Reverse engineering tools would likely be necessary.
Consequences
Scope: Confidentiality
Technical Impact: Other
Note: Information Leakage
Scope: Integrity
Technical Impact: Modify Data
Scope: Confidentiality
Technical Impact: Read Data
Scope: Accountability, Authentication, Authorization, Non-Repudiation
Technical Impact: Gain Privileges
Scope: Access Control, Authorization
Technical Impact: Bypass Protection Mechanism
Mitigations
Design: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side.
Design: Ship client-side application with integrity checks (code signing) when possible.
Design: Use obfuscation and other techniques to prevent reverse engineering the client code.
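The first mitigation in practice, as an added example (not CAPEC's own code): a checkout handler that trusts the client's computed total and the client's input filtering, beside one that recomputes the total from a server-side catalog and revalidates the input so that removed client logic is detected rather than silently honoured. The catalog, the request shape and the function names are constructed for this illustration.

```python
# Added example: duplicating client-side checks on the server.
# The catalog, request layout and function names are constructed assumptions.
from decimal import Decimal
import html

# Server-side source of truth for prices (constructed sample data).
CATALOG = {"sku-100": Decimal("19.99"), "sku-200": Decimal("249.00")}


def trusting_checkout(order):
    """Weak design: assumes the client computed 'total' correctly and
    already filtered 'note'. A client with that logic removed is charged
    whatever it claims and can submit unfiltered content."""
    return {"accepted": True,
            "charged": Decimal(str(order["total"])),
            "note": order.get("note", "")}


def hardened_checkout(order):
    """Server recomputes the total from the catalog and revalidates every
    field the client was supposed to check. A mismatch is rejected and
    returned as a reason so it can be logged as evidence of client tampering."""
    total = Decimal("0")
    for item in order.get("items", []):
        sku, qty = item.get("sku"), item.get("qty")
        if sku not in CATALOG:
            return {"accepted": False, "reason": f"unknown sku {sku!r}"}
        # Reject non-integer or out-of-range quantities the client UI would have blocked.
        if not isinstance(qty, int) or not 1 <= qty <= 100:
            return {"accepted": False, "reason": "invalid quantity"}
        total += CATALOG[sku] * qty

    claimed = Decimal(str(order.get("total", "0")))
    if claimed != total:
        # The client-side price calculation was bypassed or altered.
        return {"accepted": False,
                "reason": f"total mismatch: client {claimed}, server {total}"}

    note = order.get("note", "")
    if len(note) > 200:
        return {"accepted": False, "reason": "note too long"}
    # Do the output encoding the client was assumed to do before storage/display.
    return {"accepted": True, "charged": total, "note": html.escape(note)}
```

In the hardened version the mismatch reason is exactly the signal a detection pipeline should alert on, since a correct, unmodified client never produces it.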
Example Instances
The adversary reverse engineers a Java binary (by decompiling it) and identifies where license management code exists. Noticing that the license manager returns TRUE or FALSE as to whether or not the user is licensed, the adversary simply overwrites both branch targets to return TRUE, recompiles, and finally redeploys the binary.
The adversary uses click-through exploration of a Servlet-based website to map out its functionality, taking note of its URL-naming conventions and Servlet mappings. Using this knowledge and guessing the Servlet name of functionality they're not authorized to use, the adversary directly navigates to the privileged functionality, going around the single front controller that implements the programmatic authorization checks.