Capture-Replay

Description

A capture-relay protocol flaw exists when it is possible for a malicious user to sniff network traffic and replay it to the server in question to the same effect as the original message (or with minor changes).

Applies To

• Languages: All
• Operating platforms: All

Example

Impact

• Authorization: Messages sent with a capture-relay attack allow access to resources which are not otherwise accessible without proper authentication.

Vulnerabilities

• Failure to prevent messages from being recieved and parsed more than once.

Countermeasures

• Design: Utilize some sequence or time stamping functionality along with an encrypted hash or HMAC which takes this into account in order to ensure that messages can be parsed only once.

Vulnerability Patterns

• Capture-Replay Vulnerability Pattern

How Tos

• How To Recognize Capture-Replay Vulnerabilities
• How To Protect from Capture-Replay
• How To Perform an Attack Based On Capture-Replay