
CAPEC-383: Harvesting Information via API Event Monitoring

Abstraction: Detailed
Status: Draft
Severity: Low

Description

An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event in order to harvest any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. In one example of this type of attack, the adversary creates an event within the sub-application. Assume the adversary hosts a "virtual sale" of rare items. As other users enter the event, the adversary records, via an AiTM (CAPEC-94) proxy, the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.

Related weaknesses · 4

CWE-311, CWE-319, CWE-419, CWE-602

MITRE ATT&CK crosswalk · 1

T1056.004: Input Capture: Credential API Hooking

Related attack patterns · 2

CAPEC-407 (ChildOf)
CAPEC-94 (CanPrecede)

Exploits · 4

Type | Target | Confidence | Tier
Weakness | Client-Side Enforcement of Server-Side Security (cwe-602) | 100% | live
Weakness | Cleartext Transmission of Sensitive Information (cwe-319) | 100% | live
Weakness | Unprotected Primary Channel (cwe-419) | 100% | live
Weakness | Missing Encryption of Sensitive Data (cwe-311) | 100% | live

Related to · 1

Type | Target | Confidence | Tier
SubTechnique | Credential API Hooking (t1056.004) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Transaction or Event Tampering via Application API Manipulation
CAPEC: Application API Message Manipulation via Man-in-the-Middle
CAPEC: Content Spoofing Via Application API Manipulation
CAPEC: Application API Button Hijacking
CAPEC: DEPRECATED: Social Information Gathering Attacks
CAPEC: HTTP Flood

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.