Man-in-the-Middle (MITM): SSL Hijacking

An adversary who has intercepted a secure communication attempts session hijacking, also known as SSL or TLS hijacking, to decrypt the traffic. Session hijacking is a method of taking over a web user session by surreptitiously obtaining the session ID. Once the session ID has been obtained, the adversary can masquerade as the authorized user and do anything the user is authorized to do on the network.

By hijacking the session, the adversary gains access to the server without having to authenticate to it, and keeps that access for as long as the communication session remains active.

The most common methods of carrying out session hijacking are session sniffing, predictable session token IDs, man-in-the-browser, client-side attacks, and session fixation.[1]

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
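Because a hijacked session ID is reused by a second client while the session is still active, server-side logs can show the same ID arriving from two different client fingerprints within a short time. The following is an added example, not part of the original entry; the log format, field names, sample values, the IP plus User-Agent fingerprint and the 15-minute window are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): timestamp, session ID, client IP, User-Agent
SAMPLE_LOG = """\
2021-01-03T10:00:00 sid=a1f3 ip=198.51.100.7 ua="Firefox/84.0"
2021-01-03T10:02:10 sid=a1f3 ip=198.51.100.7 ua="Firefox/84.0"
2021-01-03T10:03:05 sid=a1f3 ip=203.0.113.50 ua="curl/7.68.0"
2021-01-03T10:04:00 sid=b7c9 ip=192.0.2.15 ua="Chrome/87.0"
2021-01-03T10:04:30 sid=a1f3 ip=198.51.100.7 ua="Firefox/84.0"
2021-01-03T18:30:00 sid=b7c9 ip=192.0.2.99 ua="Chrome/87.0"
"""

LINE_RE = re.compile(r'(\S+) sid=(\S+) ip=(\S+) ua="([^"]*)"')


def parse(log_text):
    """Yield (timestamp, session_id, fingerprint) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            ts, sid, ip, ua = m.groups()
            yield datetime.fromisoformat(ts), sid, (ip, ua)


def find_concurrent_use(log_text, window=timedelta(minutes=15)):
    """Return {session_id: [(timestamp, fingerprint, conflicting_fingerprint), ...]}.

    A request is flagged when a *different* fingerprint used the same session
    ID within `window`. A fingerprint change after a long gap (for example a
    user who moved networks) is not flagged.
    """
    last_seen = {}  # session_id -> {fingerprint: time of its latest request}
    alerts = {}
    for ts, sid, fp in sorted(parse(log_text)):
        seen = last_seen.setdefault(sid, {})
        for other, other_ts in seen.items():
            if other != fp and ts - other_ts <= window:
                alerts.setdefault(sid, []).append((ts, fp, other))
        seen[fp] = ts
    return alerts


if __name__ == "__main__":
    for sid, hits in find_concurrent_use(SAMPLE_LOG).items():
        for ts, fp, other in hits:
            print(f"{ts.isoformat()} session {sid}: {fp} overlaps with {other}")
```
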

References

ID: VT0022.005
Sub-techniques: (none listed)
Tactics: Credential Access, Collection
Platforms: Cloud, Linux, macOS, Unix-like, Windows

Created: 03 January 2021

Last Modified: 04 January 2021