Objective: Exfiltrate sensitive data (credentials, API keys, PII) or manipulate application behavior by tampering with recorded HTTP interactions (cassettes) used by Betamax.
+-----------------------------------------------------+
| Exfiltrate Sensitive Data or Manipulate Application |
| Behavior via Betamax Cassettes |
+-----------------------------------------------------+
|
+---------------------------------------------------------------------------------+
| |
+-------------------------+ +-----------------------------------------+
| 1. Compromise Cassette | | 2. Exploit Betamax Configuration/Usage |
| Storage/Access | | Vulnerabilities |
+-------------------------+ +-----------------------------------------+
| |
+---------------------+---------------------+ +---------------------+---------------------+
| 1.a. Unauthorized | 1.b. Insecure | | 2.a. Insecure | 2.b. Lack of |
| File Access | Storage | | Matchers | Cassette |
| | Location | | | Sanitization | [CRITICAL]
+---------------------+---------------------+ +---------------------+---------------------+
| >> | >> | | >>
+---------+---------+ +---------+---------+ +---------+---------+ +---------+---------+
| 1.a.2. | | | 1.b.1. | 1.b.2. | | 2.a.2. | | | 2.b.1. | 2.b.2. |
| Code | | | Lack | Weak | | Missing| | | Record | Missing|
| Vuln | | | of | File | | Request| | | Sensitive| Header/|
| in App | | | Encr. | Perms. | | Body | | | Data | Body | [CRITICAL]
| [HIGH] | | | [CRITICAL]| [CRITICAL]| | Matching| | | [CRITICAL]| Filter | [CRITICAL]
+---------+---------+ +---------+---------+ +---------+---------+ +---------+---------+
| >>
+---------+---------+
| 2.b.3. | 2.b.4 |
| Missing| Missing|
| Query | Cookie |
| Param | Filter | [CRITICAL]
| Filter | |
| [CRITICAL]| |
+---------+---------+
Attack Tree Path: 1. Compromise Cassette Storage/Access
-
1.a. Unauthorized File Access (>> 1.a.2. Code Vulnerability in Application [HIGH]):
- Description: An attacker exploits a vulnerability in the application's code (e.g., path traversal, arbitrary file read/write) to gain access to the Betamax cassette files.
- Mitigation:
- Thoroughly review and test the application code for any vulnerabilities that could lead to unauthorized file access.
- Implement secure coding practices, including input validation and output encoding.
- Perform regular security audits and penetration testing.
- Use a web application firewall (WAF) to detect and block malicious requests.
-
1.b. Insecure Storage Location:
-
(>> 1.b.1. Lack of Encryption [CRITICAL]):
- Description: Cassette files are stored without encryption, making them readable to anyone with access to the storage location.
- Mitigation:
- Encrypt cassette files at rest using filesystem-level encryption (e.g., LUKS, BitLocker) or a Python library like
cryptography. - Implement a secure key management system to protect the encryption keys.
- Regularly rotate encryption keys.
- Encrypt cassette files at rest using filesystem-level encryption (e.g., LUKS, BitLocker) or a Python library like
-
(>> 1.b.2. Weak File Permissions [CRITICAL]):
- Description: Cassette files have overly permissive file permissions, allowing unauthorized users on the system to read or modify them.
- Mitigation:
- Set strict file permissions on the cassette directory and files. Only the user/process running the tests should have read/write access (e.g.,
chmod 600orchmod 700). - Use the principle of least privilege.
- Regularly audit file permissions.
- Set strict file permissions on the cassette directory and files. Only the user/process running the tests should have read/write access (e.g.,
-
Attack Tree Path: 2. Exploit Betamax Configuration/Usage Vulnerabilities
-
2.a Insecure Matchers: * (>> 2.a.2 Missing Request Body Matching):
- Description: If the request body contains sensitive data and is not included in Betamax matchers, the response might be replayed to requests with different, potentially malicious, bodies.
- Mitigation:
* Always include the
bodymatcher in your Betamax configuration when the request body contains sensitive data. * Consider using more granular matchers, such as matching specific fields within the request body.
-
2.b. Lack of Cassette Sanitization [CRITICAL] (and all sub-nodes):
-
(>> 2.b.1. Record Sensitive Data [CRITICAL]):
- Description: Betamax records sensitive data (API keys, passwords, PII) without any filtering, storing this data in plain text within the cassette.
- Mitigation:
- Use Betamax's
before_recordandbefore_playbackhooks (or thefilter_requestandfilter_responsemethods) to register filters. - Create custom filter functions to remove or replace sensitive data before it's written to the cassette.
- Use regular expressions to target specific patterns of sensitive data.
- Use Betamax's
-
(>> 2.b.2. Missing Header/Body Filter [CRITICAL]):
- Description: Sensitive data is present in HTTP headers (e.g.,
Authorization,Cookie) or the response body, and no filters are applied to remove or redact it. - Mitigation:
- Implement filters to specifically target and remove sensitive headers.
- Create filters to redact or replace sensitive portions of the response body. Use regular expressions or custom logic to identify and modify the data.
- Description: Sensitive data is present in HTTP headers (e.g.,
-
(>> 2.b.3. Missing Query Param Filter [CRITICAL]):
- Description: Sensitive data is present in the URL query parameters, and no filters are applied.
- Mitigation:
- Implement filters to remove or redact sensitive query parameters.
-
(>> 2.b.4. Missing Cookie Filter [CRITICAL]):
- Description: Sensitive data is present in cookies, and no filters are applied.
- Mitigation:
- Implement filters to remove or redact sensitive cookies.
-