CAPEC-157: Sniffing Attacks

Description
In this attack pattern, the adversary intercepts information transmitted between two third parties. The adversary must be able to observe, read, and/or hear the communication traffic, but not necessarily block the communication or change its content. Any transmission medium can theoretically be sniffed if the adversary can examine the contents between the sender and recipient. Sniffing Attacks are similar to Adversary-In-The-Middle attacks (CAPEC-94), but are entirely passive. AiTM attacks are predominantly active and often alter the content of the communications themselves.
Extended Description

For example, using a different character encoding might cause dangerous text to be treated as safe text. Alternatively, the attacker may use certain flags, such as file extensions, to make a target application believe that provided data should be handled using a certain interpreter when the data is not actually of the appropriate type. This can lead to bypassing protection mechanisms, forcing the target to use specific components for input processing, or otherwise causing the user's data to be handled differently than might otherwise be expected. This attack differs from Variable Manipulation in that Variable Manipulation attempts to subvert the target's processing through the value of the input while Input Data Manipulation seeks to control how the input is processed.

Severity: Medium

Possibility:

Type: Standard
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • The target data stream must be transmitted on a medium to which the adversary has access.
Skills required

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

The adversary must be able to intercept the transmissions containing the data of interest. Depending on the medium of transmission and the path the data takes between the sender and recipient, the adversary may require special equipment (e.g., a network sniffing tool) and/or require that this equipment be placed in specific locations.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

Visit http://capec.mitre.org/ for more details.