CAPEC-701: Browser in the Middle (BiTM)

Standard Draft Severity: High Likelihood of Attack: Medium

CAPEC Version: 3.9

Last Updated: 2023-01-24

Description

An adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim's browser to the adversary's system. The adversary must deploy a web client with a remote desktop session that the victim can access.

Execution Flow

Step 1 Explore

[Identify potential targets] The adversary identifies an application or service that the target is likely to use.

Techniques:
  • The adversary stands up a server to host the transparent browser and entices victims to use it by using a domain name similar to the legitimate application. In addition to the transparent browser, the adversary could also install a web proxy, sniffer, keylogger, and other tools to assist in their goals.

Step 2 Experiment

[Lure victims] The adversary crafts a phishing campaign to lure unsuspecting victims into using the transparent browser.

Techniques:
  • An adversary can create a convincing email with a link to download the web client and interact with the transparent browser.

Step 3 Exploit

[Monitor and Manipulate Data] When the victim establishes the connection to the transparent browser, the adversary can view victim activity and make alterations to what the victim sees when browsing the web.

Techniques:
  • Once a victim has established a connection to the transparent browser, the adversary can use installed tools such as a web proxy, keylogger, or additional malicious browser extensions to gather and manipulate data or impersonate the victim.

Prerequisites

  • The adversary must create a convincing web client to establish the connection. The victim then needs to be lured onto the adversary's webpage. In addition, the victim's machine must not use local authentication APIs, a hardware token, or a Trusted Platform Module (TPM) to authenticate.

Skills Required

Medium

Resources Required

  • A web application with a client is needed to enable the victim's browser to establish a remote desktop connection to the system of the adversary.

Consequences

Scope: Confidentiality, Access Control, Authentication

Technical Impact: Gain Privileges

Scope: Confidentiality, Authorization

Technical Impact: Read Data

Scope: Integrity

Technical Impact: Modify Data

Mitigations

Implementation: Use strong, mutual authentication to fully authenticate both ends of any communications channel.

Key Information

CAPEC ID: CAPEC-701

Abstraction: Standard

Status: Draft

Typical Severity: High

Likelihood of Attack: Medium

Related Attack Patterns

Related Weaknesses (CWE)