CAPEC-383 Detail
Harvesting Information via API Event Monitoring
Detailed Social Engineering Social Engineering Software Typical Severity: Low
Parents: 407
An adversary hosts an event within an application framework and then monitors the data exchanged during the event in order to harvest any important data leaked during the transactions. For example, the adversary could harvest lists of usernames or user IDs in order to send spam messages to those users. In one example of this type of attack, the adversary creates an event within the sub-application. Assume the adversary hosts a "virtual sale" of rare items. As other users enter the event, the adversary records, via an Adversary-in-the-Middle (AiTM, CAPEC-94) proxy, the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-383 | capec | https://capec.mitre.org/data/definitions/383.html | |
| CWE-311 | cwe | http://cwe.mitre.org/data/definitions/311.html | |
| CWE-319 | cwe | http://cwe.mitre.org/data/definitions/319.html | |
| CWE-419 | cwe | http://cwe.mitre.org/data/definitions/419.html | |
| CWE-602 | cwe | http://cwe.mitre.org/data/definitions/602.html | |
| T1056.004 | ATTACK | https://attack.mitre.org/wiki/Technique/T1056/004 | Input Capture: Credential API Hooking |
| REF-327 | reference_from_CAPEC | | Tom Stracener, Sean Barnum, So Many Ways [...]: Exploiting Facebook and YoVille, 2010, Defcon 18 |
- The target software is utilizing application framework APIs
| Confidentiality |
|---|
| Read Data (The adversary is able to gather information to potentially support further nefarious activities.) |