Home > CAPEC List > CAPEC-85: AJAX Footprinting (Version 3.4)  

CAPEC-85: AJAX Footprinting

Attack Pattern ID: 85
Abstraction: Detailed
Status: Draft
Presentation Filter:
+ Description
This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. A common first step for an attacker is to footprint the target environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on. The knowledge gained through Ajax fingerprinting can be used to support other attacks, such as XSS.
+ Likelihood Of Attack

High

+ Typical Severity

Low

+ Relationships
Section HelpThis table shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.
NatureTypeIDName
ChildOfStandard Attack PatternStandard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.580System Footprinting
CanPrecedeStandard Attack PatternStandard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.63Cross-Site Scripting (XSS)
Section HelpThis table shows the views that this attack pattern belongs to and top level categories within that view.
+ Execution Flow
Explore
  1. Send requests to the server and analyze responses: Using a browser or an automated tool, an attacker sends requests to a website and then captures the responses. Responses are analyzed for information on frameworks, architecture, and dependencies.

    Techniques
    Use a browser to manually request pages and view the responses. Manually parse responses to find information on dependencies and underlying architecture
    Use automated scripting to send one or multiple requests to a server and capture any responses. Parse responses from the server to identify any tags that may provide information about dependencies and underlying architecture.
+ Prerequisites
The user must allow JavaScript to execute in their browser
+ Skills Required
[Level: Medium]
To land and launch a script on victim's machine with appropriate footprinting logic for enumerating services and vulnerabilities in JavaScript
+ Resources Required
None: No specialized resources are required to execute this type of attack.
+ Consequences
Section HelpThis table specifies different individual consequences associated with the attack pattern. The Scope identifies the security property that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in their attack. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a pattern will be used to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.
ScopeImpactLikelihood
Confidentiality
Read Data
+ Mitigations
Design: Use browser technologies that do not allow client side scripting.
Implementation: Perform input validation for all remote content.
+ Example Instances
Footprinting can be executed over almost any protocol including HTTP, TCP, UDP, and ICMP, with the general goal of gaining further information about a host environment to launch further attacks. The attacker can probe the system for banners, vulnerabilities, filenames, available services, and in short anything the host process has access to. The results of the probe are either used to execute javascript (for example, if the attackers' footprint script identifies a vulnerability in a firewall permission, then the client side script executes a javascript to change client firewall settings, or an attacker may simply echo the results of the scan back out to a remote host for targeting future attacks) or to inform other data gathering activities in order to craft atta.
+ References
[REF-539] Shreeraj Shah. "Ajax fingerprinting for Web 2.0 Applications". Help Net Security. <https://www.helpnetsecurity.com/dl/articles/Ajax_fingerprinting.pdf>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated References
2020-07-30CAPEC Content TeamThe MITRE Corporation
Updated Description, Example_Instances, Execution_Flow, Mitigations, Related_Attack_Patterns, Resources_Required, Typical_Severity
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17AJAX Fingerprinting
More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 17, 2020