CAPEC-207: Removing Important Client Functionality (CAPEC List, Version 2.11)

Attack Pattern ID: 207
Abstraction: Standard
Status: Draft
Completeness: Complete

+ Summary

An attacker removes or disables functionality on the client that the server assumes to be present and trustworthy. Attackers can, in some cases, get around logic put in place to 'guard' sensitive functionality or data. Client applications may include functionality that a server relies on for correct and secure operation. This functionality can include, but is not limited to, filters to prevent the sending of dangerous content to the server, logical functionality such as price calculations, and authentication logic to ensure that only authorized users are utilizing the client. If an attacker can disable this functionality on the client, they can perform actions that the server believes are prohibited. This can result in client behavior that violates assumptions by the server leading to a variety of possible attacks. In the above examples, this could include the sending of dangerous content (such as scripts) to the server, incorrect price calculations, or unauthorized access to server resources.

+ Attack Steps
Explore
  1. Probing: The attacker probes, through brute-forcing, reverse-engineering or other similar means, the functionality on the client that the server assumes to be present and trustworthy.

    The attacker probes by exploring an application's functionality and its underlying mapping to server-side components.

    The attacker reverse engineers client-side code to identify the functionality that the server relies on for the proper or secure operation.

Experiment
  1. Determine which functionality to disable or remove: The attacker tries to determine which functionality to disable or remove through reverse-engineering from the list of functionality identified in the Explore phase.

    The attacker reverse engineers the client-side code to determine which functionality to disable or remove.

Exploit
  1. Disable or remove the critical functionality from the client code: Once the functionality has been determined, the attacker disables or removes the critical functionality from the client code to perform malicious actions that the server believes are prohibited.

    The attacker disables or removes the functionality from the client-side code to perform malicious actions, such as sending dangerous content (such as scripts) to the server.

+ Attack Prerequisites
  • The targeted server must assume the client performs important actions to protect the server or the server functionality. For example, the server may assume the client filters outbound traffic or that the client performs all price calculations correctly. Moreover, the server must fail to detect when these assumptions are violated by a client.

+ Typical Severity

High

+ Typical Likelihood of Exploit

Likelihood: Medium

+ Methods of Attack
  • Analysis
  • Modification of Resources
+ Examples-Instances

Description

Attacker reverse engineers a Java binary (by decompiling it) and identifies where license management code exists. Noticing that the license manager returns TRUE or FALSE as to whether or not the user is licensed, the Attacker simply overwrites both branch targets to return TRUE, recompiles, and finally redeploys the binary.

Description

Attacker uses click-through exploration of a Servlet-based website to map out its functionality, taking note of its URL-naming conventions and Servlet mappings. Using this knowledge and guessing the Servlet name of functionality they're not authorized to use, the Attacker directly navigates to the privileged functionality around the authorizing single-front controller (implementing programmatic authorization checks).

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: High

To reverse engineer the client-side code to disable/remove the functionality on the client that the server relies on.

Skill or Knowledge Level: Low

The attacker installs a web tool that allows scripts or the DOM model of web-based applications to be modified before they are executed in a browser. GreaseMonkey and Firebug are two examples of such tools.

+ Resources Required

The attacker must have access to a client and be able to modify the client behavior, often through reverse engineering. If the server is assuming specific client functionality, this usually means the server only recognizes a specific client application, rather than a broad class of client applications. Reverse engineering tools would likely be necessary.

+ Solutions and Mitigations

Design: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side.

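The following is an added example, not part of the CAPEC entry, of what "duplicate the checks on the server side" looks like for the three kinds of client logic the summary names: an outbound content filter, a price calculation, and an authorization check. The catalogue, role table, SKUs and the `handleOrder` function are all constructed for illustration; the point is that the server derives every security-relevant value from its own state and treats a client-supplied total only as a tamper signal.

```javascript
// Added example (not CAPEC content): a server-side order handler that does not
// rely on any client-side logic. The catalogue, the content filter and the
// authorization check are all re-applied on the server, so a client whose
// price calculation, input filter or role check has been removed gains nothing.

// Constructed server-side price list (in cents) and role table.
const CATALOGUE = { "sku-100": 1999, "sku-200": 4500 };
const USER_ROLES = { alice: "customer", bob: "admin" };

// Server-side re-implementation of the filter the client is supposed to run
// before submitting free-text fields.
function containsActiveContent(text) {
  return /<\s*script|javascript:|on\w+\s*=/i.test(String(text));
}

// Server-side price calculation from the catalogue. The client's own total is
// never used; unknown SKUs and out-of-range quantities are rejected outright.
function computeTotalCents(items) {
  let total = 0;
  for (const { sku, qty } of items) {
    if (!(sku in CATALOGUE)) throw new Error(`unknown sku ${sku}`);
    if (!Number.isInteger(qty) || qty < 1 || qty > 100) {
      throw new Error(`bad qty for ${sku}`);
    }
    total += CATALOGUE[sku] * qty;
  }
  return total;
}

// `session.user` is the identity the server authenticated, not a field the
// client sent in the request body.
function handleOrder(session, body) {
  const role = USER_ROLES[session.user];
  if (!role) return { status: 401, error: "not authenticated" };

  // Authorization is decided here, regardless of what the client UI allowed.
  if (body.applyStaffDiscount && role !== "admin") {
    return { status: 403, error: "staff discount not permitted" };
  }

  // Content filter re-applied on the server.
  if (containsActiveContent(body.note)) {
    return { status: 400, error: "active content rejected" };
  }

  let total;
  try {
    total = computeTotalCents(body.items || []);
  } catch (e) {
    return { status: 400, error: e.message };
  }
  if (body.applyStaffDiscount) total = Math.round(total * 0.9);

  // A client total that disagrees with the recomputed one is recorded as a
  // tampering indicator for detection; it is never trusted for the charge.
  const tampered = body.clientTotal !== undefined && body.clientTotal !== total;
  return { status: 200, totalCents: total, clientTotalMismatch: tampered };
}

module.exports = { containsActiveContent, computeTotalCents, handleOrder };
```

The `clientTotalMismatch` flag is worth alerting on: a legitimate, unmodified client always agrees with the server, so a mismatch is direct evidence that the price logic on the client was altered or removed, which is exactly the prerequisite this pattern depends on.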
Design: Ship client-side application with integrity checks (code signing) when possible.

Design: Use obfuscation and other techniques to prevent reverse engineering the client code.

+ Attack Motivation-Consequences
Scope                                                          | Technical Impact                  | Note
Confidentiality                                                | "Varies by context"               | Information Leakage
Integrity                                                      | Modify files or directories       |
Confidentiality                                                | Read files or directories         |
Integrity                                                      | Modify application data           |
Confidentiality                                                | Read memory                       |
Integrity                                                      | Modify memory                     |
Confidentiality                                                | Read application data             |
Accountability, Authentication, Authorization, Non-Repudiation | Gain privileges / assume identity |
Access_Control, Authorization                                  | Bypass protection mechanism       |
+ Injection Vector

The client code

+ Payload

Malicious code or modified value in the client code

+ Activation Zone

Client Side and Server Side

+ Payload Activation Impact

Bypass the authorization check

+ Purposes
  • Exploitation
  • Penetration
+ CIA Impact
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: Low
+ Technical Context
Architectural Paradigms
Client-Server
Frameworks
All
Platforms
All
+ References
[R.207.1] [REF-6] "Wikipedia". Greasemonkey. The Wikimedia Foundation, Inc. <http://en.wikipedia.org/wiki/Greasemonkey>.
[R.207.2] "Firebug". <http://getfirebug.com/>.
[R.207.3] "Mozilla Firefox Add-ons". Greasemonkey. <https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/>.
+ Content History
Submissions
Submitter          | Organization          | Date       | Source
CAPEC Content Team | The MITRE Corporation | 2014-06-23 | Internal_CAPEC_Team
Modifications
Modifier           | Organization          | Date       | Comments                                                                                                                      | Source
CAPEC Content Team | The MITRE Corporation | 2015-12-07 | Updated Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, References, Related_Vulnerabilities | Internal
Previous Entry Names
Date       | Previous Entry Name
2015-12-07 | Removing Important Functionality from the Client

Page Last Updated or Reviewed: July 31, 2017