CAPEC-388: Application API Button Hijacking

An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains buttons that point to an attacker controlled destination.

Medium

Typical severity

Per MITRE

Not rated

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-388 (Application API Button Hijacking) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-388: Application API Button Hijacking

Overview

What the attacker needs

Prerequisites

Resources required

Examples

Frequently asked questions

What is CAPEC-388?

What weaknesses does CAPEC-388 target?

How severe is CAPEC-388?

References

Defend against CAPEC-388

Overview

What the attacker needs

Prerequisites

Resources required

Examples

Related weaknesses

Related attack patterns

Parent

Frequently asked questions

What is CAPEC-388?

What weaknesses does CAPEC-388 target?

How severe is CAPEC-388?

References

Defend against CAPEC-388