CAPEC-220: Client-Server Protocol Manipulation

攻击模式描述

An adversary takes advantage of weaknesses in the protocol by which a client and server are communicating to perform unexpected actions. Communication protocols are necessary to transfer messages between client and server applications. Moreover, different protocols may be used for different types of interactions.

前提条件

• The client and/or server must utilize a protocol that has a weakness allowing manipulation of the interaction.

所需资源

• The adversary must be able to identify the weakness in the utilized protocol and exploit it. This may require a sniffing tool as well as packet creation abilities. The adversary will be aided if they can force the client and/or server to utilize a specific protocol known to contain exploitable weaknesses.