Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior
Attack Pattern ID: 211 (Detailed Attack Pattern Completeness: Stub)Typical Severity: MediumStatus: Draft
+ Description


An attacker utilizes web tools such as Mozilla's GreaseMonkey in order to modify the behavior of web applications, potentially violating assumptions that a server makes about web-based clients. Web-based client applications may use code such as JavaScript in order to populate fields submitted to a server or to ensure a correct order of operations. However, tools such as GreaseMonkey and Firebug can re-write a web site's JavaScript locally before it is interpreted on a client browser. As a result, the processing activities on the client may not conform to the server's expectations. For example, a web-based client application might use JavaScript to fill in the identity of the application's user based on other information that is available. However, if the attacker is utilizing a web tool to change the JavaScript of the web client, they could insert any identity that they wished, thus allowing them to impersonate other users. Depending on the client-functionality that the attacker is affecting, the attacker could impersonate other users, change purse-logic, remove client-based filters, and otherwise violate server expectations.

+ Attack Prerequisites

The server must rely on JavaScript, the DOM model, or some similar component of a web-based client application to perform trusted actions.

+ Resources Required

The attacker must have installed a web tool that allows scripts or the DOM model of web-based applications to be modified before they are executed in a browser. GreaseMonkey and Firebug are two examples of such tools. The attacker must also have some understanding of the script or DOM of the client application they are modifying and how these changes will affect the server.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern113API Abuse/Misuse 
Mechanism of Attack (primary)1000