CAPEC-465 Metadata
Likelihood of Attack
High
Typical Severity
Medium
Overview
Summary
A transparent proxy serves as an intermediate between the client and the internet at large. It intercepts all requests originating from the client and forwards them to the correct location. The proxy also intercepts all responses to the client and forwards these to the client. All of this is done in a manner transparent to the client.
Prerequisites
Transparent proxy is usedVulnerable configuration of network topology involving the transparent proxy (e.g., no NAT happening between the client and the proxy)Execution of malicious Flash or Applet in the victim's browser
Potential Solutions / Mitigations
Design: Ensure that the transparent proxy uses an actual network layer IP address for routing requests. On the transparent proxy, disable the use of routing based on address information in the HTTP host header. Configuration: Disable in the browser the execution of Java Script, Flash, SilverLight, etc.
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') |
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-554 | An adversary attacks a system by bypassing some or all functionality intended to protect it. Often, a system user will think that protection is in place, but the functionality behind those protections has been disabled by the adversary. |
Taxonomy Mappings
Taxonomy: ATTACK
| Entry ID | Entry Name |
|---|---|
| 1090.001 | Proxy: Internal Proxy |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.