Skip to content

Latest commit

 

History

History
85 lines (67 loc) · 5.89 KB

attack-tree.md

File metadata and controls

85 lines (67 loc) · 5.89 KB

Attack Tree Analysis for expressjs/body-parser

Objective: To achieve Denial of Service (DoS) on the application server by exploiting vulnerabilities in the body-parser middleware.

Attack Tree Visualization

                                      Compromise Application via body-parser
                                                  (DoS) [CRITICAL]
                                                     |
                                                     |
                                                     |
                                      Cause Denial of Service (DoS) [HIGH RISK]
                                         /       |       \
                                        /        |        \
                                       /         |         \
                  -----------------         |         ----------------
                 /                  |                      \
  Abuse URL-Encoded Parser   Abuse Raw Parser     Abuse Text Parser    Resource Exhaustion
  [HIGH RISK]                [HIGH RISK]          [HIGH RISK]          (CPU, Memory, Disk) [CRITICAL]
                                                                        /       |      \
                                                                       /        |       \
                                                                  CPU Exhaust  MemExhaust DiskExhaust

Attack Tree Path: Compromise Application via body-parser (DoS) [CRITICAL]

Description: This is the root of the sub-tree, representing the attacker's refined objective: to cause a Denial of Service. It's marked as critical because all other high-risk paths lead to this outcome. Attack Vectors: This node itself doesn't have specific attack vectors; it's the result of the attacks on the child nodes.

Attack Tree Path: Cause Denial of Service (DoS) [HIGH RISK]

Description: This branch represents the overall strategy of causing a DoS. It's high-risk because DoS attacks are relatively easy to attempt and have a significant impact on application availability. Attack Vectors: This node encompasses the various ways an attacker can achieve a DoS, primarily through resource exhaustion.

Attack Tree Path: Resource Exhaustion (CPU, Memory, Disk) [CRITICAL]

Description: This node represents the core mechanism of the DoS attacks. It's critical because preventing resource exhaustion is the key to mitigating the high-risk paths. Attack Vectors: * CPU Exhaustion: * Description: The attacker sends requests designed to consume excessive CPU cycles, making the server unresponsive to legitimate requests. * Example: Sending a URL-encoded request with a very large number of keys. * Memory Exhaustion: * Description: The attacker sends requests that consume large amounts of memory, potentially leading to the server crashing or becoming unresponsive. * Example: Sending a very large raw or text request body, or a specially crafted JSON payload designed to trigger an inflation attack. * Disk Exhaustion: * Description: The attacker sends requests that cause the server to write excessive data to disk, filling up the storage and potentially causing the application to fail. * Example: While less directly related to body-parser, if the application writes the parsed body to disk without limits, this could be exploited.

Attack Tree Path: Abuse URL-Encoded Parser [HIGH RISK]

Description: This path focuses on exploiting the application/x-www-form-urlencoded parser. Attack Vectors: * Large Number of Keys: * Description: The attacker sends a request with an extremely large number of keys in the URL-encoded body. * Impact: CPU exhaustion. * Mitigation: Use the parameterLimit option in body-parser's urlencoded middleware to limit the number of allowed parameters. Set a reasonable limit on the request body size.

Attack Tree Path: Abuse Raw Parser [HIGH RISK]

Description: This path focuses on exploiting the raw request body parser. Attack Vectors: * Large Body: * Description: The attacker sends a very large raw request body. * Impact: Memory exhaustion. * Mitigation: Use the limit option in body-parser's raw middleware to restrict the size of the raw body.

Attack Tree Path: Abuse Text Parser [HIGH RISK]

Description: This path focuses on exploiting the plain text request body parser. Attack Vectors: * Large Body: * Description: The attacker sends a very large text request body. * Impact: Memory exhaustion. * Mitigation: Use the limit option in body-parser's text middleware to restrict the size of the text body.

Attack Tree Path: Abuse JSON Parser (inflate, etc.) [HIGH RISK]

Description: This path focuses on exploiting the JSON request body parser, specifically targeting inflation vulnerabilities. Attack Vectors: * Inflation Attacks (e.g., "Billion Laughs"): * Description: The attacker sends a specially crafted JSON payload (like the "Billion Laughs" attack, which uses entity expansion) or deeply nested JSON object. * Impact: Memory exhaustion. * Mitigation: Use the limit option in body-parser's json middleware to restrict the size of the JSON body. Implement input validation after parsing.