WSF_CYBER_MAN_IN_THE_MIDDLE_EFFECT

cyber_effect WSF_CYBER_MAN_IN_THE_MIDDLE_EFFECT
cyber_effect <effect_name> WSF_CYBER_MAN_IN_THE_MIDDLE_EFFECT

   platform_type <type>
      ... comm_effect commands
      target_list
         <comm1>
         <comm2>
         ...
         <commN>
      end_target_list

      all

      exfiltrate <boolean>

      script WsfCyberMitmMessage OnSend ...
      script WsfCyberMitmMessage OnReceive ...
   end_platform_type

   platform <name>
      ... comm_effect commands
   end_platform

   default
      ... comm_effect commands
   end_default

end_cyber_effect

Overview

WSF_CYBER_MAN_IN_THE_MIDDLE_EFFECT is a cyber_effect that applies a man-in-the-middle attack to the victim. The effect allows the user to drop, delay, or alter any message the victim platform sends or receives.

Commands

platform_type <type> … end_platform_type

Define the affected comms and effect behaviors for a platform type. This command may be repeated as necessary.

platform <name> … end_platform

Define the affected comms and effect behaviors for a specific platform. This command may be repeated as necessary.

default … end_default

Define the default comms and behaviors of the attack, used when the victim does not match any previously specified platform or platform type.

Common Victim Commands

target_list … end_target_list

Specifies comm devices by name on the victim platform that will be affected by this effect. If a comm is listed, but does not exist on the victim platform when the effect is applied, then it will be disregarded.

all

Specifies that all comms on the victim platform will be affected by this effect.

exfiltrate <boolean>

Specifies that this comm should attempt to forward every message it receives back to the attacker. This will attempt to send the message to the first comm on the attacker that is reachable from the victim comm. Any message exfiltrated this way will be marked with an EXFILTRATED_MESSAGE aux-data field. The forwarded message will be marked with the EXFILTRATION_MESSAGE aux-data field.

Default false

OnSend (script)

A provided script that is called when a specified comm attempts to send a message. The script can alter, delay, or drop the WsfMessage.

An example to drop a message is as follows:

script WsfCyberMitmMessage OnSend(WsfMessage aMessage)
   # Set drop to true to drop the message
   return WsfCyberMitmMessage.Construct(aMessage, 0, true);
end_script

OnReceive (script)

A provided script that is called when a specified comm attempts to receive a message. The script can alter, delay, or drop the WsfMessage.

An example to delay a message is as follows:

script WsfCyberMitmMessage OnReceive(WsfMessage aMessage)
   # Delay the message by 10 seconds
   return WsfCyberMitmMessage.Construct(aMessage, 10, false);
end_script
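
The following complete definition is an added example, not taken from the original documentation. It combines the commands above to show where each one sits inside the effect block. The names MITM_EXAMPLE, VICTIM_TYPE, datalink and sat_radio are hypothetical placeholders, and the scripts use only the WsfCyberMitmMessage.Construct call shown above.

```wsf
# Added example: effect, platform type and comm names are hypothetical.
cyber_effect MITM_EXAMPLE WSF_CYBER_MAN_IN_THE_MIDDLE_EFFECT

   # Victims of this platform type: only the listed comms are affected.
   platform_type VICTIM_TYPE
      target_list
         datalink
         # A listed comm that does not exist on the victim is disregarded.
         sat_radio
      end_target_list

      # Forward every received message to the first attacker comm
      # reachable from the victim comm (default is false).
      exfiltrate true

      # Outgoing traffic: no delay, drop = true.
      script WsfCyberMitmMessage OnSend(WsfMessage aMessage)
         return WsfCyberMitmMessage.Construct(aMessage, 0, true);
      end_script

      # Incoming traffic: deliver after 10 seconds, drop = false.
      script WsfCyberMitmMessage OnReceive(WsfMessage aMessage)
         return WsfCyberMitmMessage.Construct(aMessage, 10, false);
      end_script
   end_platform_type

   # Any victim not matched above: every comm is affected,
   # incoming traffic is delayed, and exfiltrate keeps its default (false).
   default
      all

      script WsfCyberMitmMessage OnReceive(WsfMessage aMessage)
         return WsfCyberMitmMessage.Construct(aMessage, 10, false);
      end_script
   end_default

end_cyber_effect
```

With exfiltrate enabled, the victim's received messages carry the EXFILTRATED_MESSAGE aux-data field and the forwarded copies carry EXFILTRATION_MESSAGE, which gives scenario scripts a field to key on when checking which traffic was affected.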