Man-in-the-Middle (MITM): HTTPS Spoofing

An adversary who has intercepted a connection to a secure site attempts HTTPS spoofing to read the encrypted traffic. When the victim's browser sends its initial connection request to the site, the adversary answers with a rogue certificate issued for that site's name. The browser validates the certificate against its store of trusted certificate authorities, so the spoof succeeds only if the rogue certificate chains to a root the victim trusts (for example a root the adversary installed on the device, or a compromised or mis-issuing CA) or if the victim clicks through the certificate warning. Once the certificate is accepted, the adversary terminates the TLS session on its own side and can read any data the victim enters before relaying it to the legitimate application.[1]
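
The trust decision described above, as an added example that is not part of the original page: a Go program (standard library only) builds a genuine root CA and a rogue root CA, has the rogue CA issue a certificate for the constructed hostname bank.example, and then runs the check a browser performs on a presented certificate under four conditions: only the genuine CA trusted, the rogue CA added to the trust store, a rogue certificate for the wrong hostname, and the rogue CA trusted but the genuine site's public key pinned. The CA names, the hostname, the helper names and the SPKI pin check are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

const targetHost = "bank.example" // the host the victim typed into the browser (constructed for this example)

var errPinMismatch = errors.New("pin mismatch: chain is trusted but the key is not the expected one")

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// makeCert returns a key and certificate for name: a self-signed root CA when parent is nil,
// otherwise a server leaf for that hostname signed by parent. The rogue CA does exactly what
// the genuine one does; the only difference is whether the victim's trust store contains it.
func makeCert(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  parent == nil,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	signer, signKey := tmpl, key // self-signed root
	if parent != nil {
		tmpl.DNSNames = []string{name} // the SAN the browser matches against the URL's host
		signer, signKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// spkiPin is the SHA-256 of the SubjectPublicKeyInfo, the value a pinning client compares.
func spkiPin(cert *x509.Certificate) [32]byte { return sha256.Sum256(cert.RawSubjectPublicKeyInfo) }

// browserCheck models the decision the victim's browser makes on the presented certificate:
// does it chain to a root in the trust store, and was it issued for the host in the URL?
// With a non-nil pin the client additionally requires the leaf's public key to match.
func browserCheck(presented *x509.Certificate, trust *x509.CertPool, pin *[32]byte) error {
	if _, err := presented.Verify(x509.VerifyOptions{DNSName: targetHost, Roots: trust}); err != nil {
		return err
	}
	if pin != nil && spkiPin(presented) != *pin {
		return errPinMismatch // reached only when the chain was trusted, i.e. when a rogue CA got through
	}
	return nil
}

// outcome records the browser's decision in each scenario; see runScenarios for what each means.
type outcome struct{ UnknownCARejected, RogueRootAccepted, WrongHostRejected, PinRejected bool }

func runScenarios() outcome {
	genuineCA, genuineKey := makeCert("Genuine Root CA", nil, nil)
	genuineLeaf, _ := makeCert(targetHost, genuineCA, genuineKey) // the real site's certificate
	rogueCA, rogueKey := makeCert("Rogue Root CA", nil, nil)
	rogueLeaf, _ := makeCert(targetHost, rogueCA, rogueKey) // what the adversary presents
	wrongHostLeaf, _ := makeCert("other.example", rogueCA, rogueKey)
	trust := x509.NewCertPool() // the victim's trust store: at first only the genuine CA
	trust.AddCert(genuineCA)
	var o outcome
	// 1. The rogue chain ends in no trusted root: the browser warns and the spoof fails
	//    unless the victim clicks through.
	var unknownCA x509.UnknownAuthorityError
	o.UnknownCARejected = errors.As(browserCheck(rogueLeaf, trust, nil), &unknownCA)
	// 2. The rogue root is in the store (installed on the device, or a trusted CA mis-issued):
	//    the spoof succeeds and the browser shows the padlock for bank.example.
	trust.AddCert(rogueCA)
	o.RogueRootAccepted = browserCheck(rogueLeaf, trust, nil) == nil
	// 3. Even then the certificate must name the spoofed host; one for another name fails.
	var hostErr x509.HostnameError
	o.WrongHostRejected = errors.As(browserCheck(wrongHostLeaf, trust, nil), &hostErr)
	// 4. A client that pins the genuine site's key rejects the rogue leaf despite the trusted chain.
	pin := spkiPin(genuineLeaf)
	o.PinRejected = errors.Is(browserCheck(rogueLeaf, trust, &pin), errPinMismatch)
	return o
}

func main() { fmt.Printf("%+v\n", runScenarios()) }
```

Scenario 2 is the attack as the page describes it: the certificate is cryptographically sound, the name matches, and nothing in ordinary validation distinguishes it from the real one, which is why the outcome hinges on what sits in the victim's trust store. Scenario 4 shows the one client-side check that still catches it.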

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features: the browser's ordinary certificate validation accepts any certificate that chains to a trusted root. What raises the bar is controlling which roots the victim's devices trust and who can add to them, HTTP Strict Transport Security (so the browser refuses to bypass certificate errors for the site), public-key pinning in first-party clients, and Certificate Transparency monitoring to detect certificates issued for the organisation's names without its knowledge.

References

Attachments

ID
VT0022.004
Sub-techniques
Tactics
Credential Access
Platforms
Cloud
Linux
MacOS
Unix-like
Windows

Created: 30 December 2020

Last Modified: 04 January 2021