CAPEC-662 Metadata
Likelihood of Attack
High
Typical Severity
Very High
Overview
Summary
An adversary exploits security vulnerabilities or inherent functionalities of a web browser, in order to manipulate traffic between two endpoints.
Prerequisites
The adversary must install or convince a user to install a Trojan. There are two components communicating with each other. An attacker is able to identify the nature and mechanism of communication between the two target components. Strong mutual authentication is not used between the two target components yielding opportunity for adversarial interposition. For browser pivoting, the SeDebugPrivilege and a high-integrity process must both exist to execute this attack.
Execution Flow
| Step | Phase | Description | Techniques |
|---|---|---|---|
| 1 | Experiment | The adversary tricks the victim into installing the Trojan Horse malware onto their system. |
|
| 2 | Experiment | The adversary inserts themself into the communication channel initially acting as a routing proxy between the two targeted components. |
|
| 3 | Exploit | The adversary observes, filters, or alters passed data of their choosing to gain access to sensitive information or to manipulate the actions of the two target components for their own purposes. |
|
Potential Solutions / Mitigations
Ensure software and applications are only downloaded from legitimate and reputable sources, in addition to conducting integrity checks on the downloaded component. Leverage anti-malware tools, which can detect Trojan Horse malware. Use strong, out-of-band mutual authentication to always fully authenticate both ends of any communications channel. Limit user permissions to prevent browser pivoting. Ensure browser sessions are regularly terminated and when their effective lifetime ends.
Related Weaknesses (CWE)
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-94 | An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components. |
Taxonomy Mappings
Taxonomy: ATTACK
| Entry ID | Entry Name |
|---|---|
| 1185 | Man in the Browser |
Taxonomy: OWASP Attacks
| Entry ID | Entry Name |
|---|---|
| Link | Man-in-the-browser attack |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.