CAPEC-224: Fingerprinting

Description
An adversary compares output from a target system to known indicators that uniquely identify specific details about the target. Most commonly, fingerprinting is done to determine operating system and application versions. Fingerprinting can be done passively as well as actively. Fingerprinting by itself is not usually detrimental to the target. However, the information gathered through fingerprinting often enables an adversary to discover existing weaknesses in the target.
Extended Description

While being logged in to some target system, the victim visits the adversary's malicious site which displays a UI that the victim wishes to interact with. In reality, the iFrame overlay page has a transparent layer above the visible UI with action controls that the adversary wishes the victim to execute. The victim clicks on buttons or other UI elements they see on the page which actually triggers the action controls in the transparent overlaying layer. Depending on what that action control is, the adversary may have just tricked the victim into executing some potentially privileged (and most undesired) functionality in the target system to which the victim is authenticated. The basic problem here is that there is a dichotomy between what the victim thinks they are clicking on versus what they are actually clicking on.

Severity: Very Low

Possibility: High

Type: Meta

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Prerequisites

  • A means by which to interact with the target system directly.
Skills required

  • Medium: Some fingerprinting activity requires very specific knowledge of how different operating systems respond to various TCP/IP requests. Application fingerprinting can be as easy as invoking the application with the correct command line argument, or mouse clicking in the appropriate place on the screen.
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

If on a network, the adversary needs a tool capable of viewing network communications at the packet level and with header information, like Mitmproxy, Wireshark, or Fiddler.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

Visit http://capec.mitre.org/ for more details.