updated to Machine-in-the-Middle
Sven Schleier committed Feb 24, 2025
1 parent 9dacaa3 commit 9bd04d6
Showing 14 changed files with 14 additions and 14 deletions.
Expand Up @@ -221,7 +221,7 @@ Some of the best practices include but are not limited to:

- **User agent:**
- The user should have a way to visually verify trust (e.g., Transport Layer Security (TLS) confirmation, website mechanisms).
- To prevent machine-in-the-middle attacks, the client should validate the server's fully qualified domain name with the public key the server presented when the connection was established.
- To prevent Machine-in-the-Middle attacks, the client should validate the server's fully qualified domain name with the public key the server presented when the connection was established.
- **Type of grant:**
- On native apps, code grant should be used instead of implicit grant.
- When using code grant, PKCE (Proof Key for Code Exchange) should be implemented to protect the code grant. Make sure that the server also implements it.
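Review bot: The changed bullet under **User agent:** still says "validate the server's fully qualified domain name with the public key the server presented", which mixes up hostname verification with key pinning; hostname verification checks the FQDN against the names in the certificate the server presented, so while this line is being touched suggest "validate that the server's fully qualified domain name matches the certificate the server presented when the connection was established". The capitalization change itself is consistent with the rest of this commit.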
2 changes: 1 addition & 1 deletion Document/0x06i-Testing-Code-Quality-and-Build-Settings.md
Expand Up @@ -28,7 +28,7 @@ There are two categories of libraries:

These libraries can lead to unwanted side-effects:

- A library can contain a vulnerability, which will make the application vulnerable. A good example is `AFNetworking` version 2.5.1, which contained a bug that disabled certificate validation. This vulnerability would allow attackers to execute machine-in-the-middle attacks against apps that are using the library to connect to their APIs.
- A library can contain a vulnerability, which will make the application vulnerable. A good example is `AFNetworking` version 2.5.1, which contained a bug that disabled certificate validation. This vulnerability would allow attackers to execute Machine-in-the-Middle attacks against apps that are using the library to connect to their APIs.
- A library can no longer be maintained or hardly be used, which is why no vulnerabilities are reported and/or fixed. This can lead to having bad and/or vulnerable code in your application through the library.
- A library can use a license, such as LGPL2.1, which requires the application author to provide access to the source code for those who use the application and request insight in its sources. In fact the application should then be allowed to be redistributed with modifications to its source code. This can endanger the intellectual property (IP) of the application.
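Review bot: The changed bullet states that `AFNetworking` 2.5.1 "contained a bug that disabled certificate validation" without citing a source, whereas the other files in this commit link their claims (for example the CWE-295 links); consider adding a reference for the AFNetworking issue. In the unchanged third bullet, "In fact the application should then be allowed" needs a comma after "In fact".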

2 changes: 1 addition & 1 deletion techniques/android/MASTG-TECH-0011.md
Expand Up @@ -3,7 +3,7 @@ title: Setting Up an Interception Proxy
platform: android
---

Several tools support the network analysis of applications that rely on the HTTP(S) protocol. The most important tools are the so-called interception proxies; @MASTG-TOOL-0079 and @MASTG-TOOL-0077 are the most famous. An interception proxy gives the tester a machine-in-the-middle position. This position is useful for reading and/or modifying all app requests and endpoint responses, which are used for testing Authorization, Session, Management, etc.
Several tools support the network analysis of applications that rely on the HTTP(S) protocol. The most important tools are the so-called interception proxies; @MASTG-TOOL-0079 and @MASTG-TOOL-0077 are the most famous. An interception proxy gives the tester a Machine-in-the-Middle position. This position is useful for reading and/or modifying all app requests and endpoint responses, which are used for testing Authorization, Session, Management, etc.

## Interception Proxy for a Virtual Device
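Review bot: The unchanged tail of the changed line, "which are used for testing Authorization, Session, Management, etc.", has a stray comma that splits "Session Management" into two items; since the line is being edited anyway, suggest "which are used for testing authorization, session management, etc.".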

2 changes: 1 addition & 1 deletion techniques/ios/MASTG-TECH-0063.md
Expand Up @@ -3,7 +3,7 @@ title: Setting up an Interception Proxy
platform: ios
---

@MASTG-TOOL-0077 is an integrated platform for security testing mobile and web applications. Its tools work together seamlessly to support the entire testing process, from initial mapping and analysis of attack surfaces to finding and exploiting security vulnerabilities. Burp Proxy operates as a web proxy server for Burp Suite, which is positioned as a machine-in-the-middle between the browser and web server(s). Burp Suite allows you to intercept, inspect, and modify incoming and outgoing raw HTTP traffic.
@MASTG-TOOL-0077 is an integrated platform for security testing mobile and web applications. Its tools work together seamlessly to support the entire testing process, from initial mapping and analysis of attack surfaces to finding and exploiting security vulnerabilities. Burp Proxy operates as a web proxy server for Burp Suite, which is positioned as a Machine-in-the-Middle between the browser and web server(s). Burp Suite allows you to intercept, inspect, and modify incoming and outgoing raw HTTP traffic.

Setting up Burp to proxy your traffic is pretty straightforward. We assume that both your iOS device and host computer are connected to a Wi-Fi network that permits client-to-client traffic. If client-to-client traffic is not permitted, you can use usbmuxd to connect to Burp via USB.
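Review bot: The changed paragraph duplicates the Burp Suite description in tools/network/MASTG-TOOL-0077.md almost verbatim (from "Its tools work together seamlessly" through "raw HTTP traffic"), which is why this commit has to patch the same term in both files; consider replacing the copy here with a short reference to @MASTG-TOOL-0077 so the description has a single source.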

2 changes: 1 addition & 1 deletion tests/android/MASVS-CODE/MASTG-TEST-0036.md
Expand Up @@ -89,4 +89,4 @@ protected void onResume() {

In order to test for proper updating: try downloading an older version of the application with a security vulnerability, either by a release from the developers or by using a third party app-store.
Next, verify whether or not you can continue to use the application without updating it. If an update prompt is given, verify if you can still use the application by canceling the prompt or otherwise circumventing it through normal application usage. This includes validating whether the backend will stop calls to vulnerable backends and/or whether the vulnerable app-version itself is blocked by the backend.
Lastly, see if you can play with the version number of a machine-in-the-middled app and see how the backend responds to this (and if it is recorded at all for instance).
Lastly, see if you can play with the version number of a "machine-in-the-middled" app and see how the backend responds to this (and if it is recorded at all for instance).
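Review bot: The changed line puts "machine-in-the-middled" in quotes but keeps it lowercase, making it the one place in this commit where the term is not capitalized, and the verbed form is hard to read; suggest rewording to "the version number sent by an app whose traffic is routed through an interception proxy", which also makes clear that the tester is modifying the app's own request rather than attacking a third party.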
2 changes: 1 addition & 1 deletion tests/android/MASVS-NETWORK/MASTG-TEST-0021.md
Expand Up @@ -14,7 +14,7 @@ masvs_v1_levels:

## Static Analysis

Using TLS to transport sensitive information over the network is essential for security. However, encrypting communication between a mobile application and its backend API is not trivial. Developers often decide on simpler but less secure solutions (e.g., those that accept any certificate) to facilitate the development process, and sometimes these weak solutions [make it into the production version](https://saschafahl.de/static/paper/androidssl2012.pdf "Hunting Down Broken SSL in Android Apps"), potentially exposing users to [machine-in-the-middle attacks](https://cwe.mitre.org/data/definitions/295.html "CWE-295: Improper Certificate Validation").
Using TLS to transport sensitive information over the network is essential for security. However, encrypting communication between a mobile application and its backend API is not trivial. Developers often decide on simpler but less secure solutions (e.g., those that accept any certificate) to facilitate the development process, and sometimes these weak solutions [make it into the production version](https://saschafahl.de/static/paper/androidssl2012.pdf "Hunting Down Broken SSL in Android Apps"), potentially exposing users to [Machine-in-the-Middle attacks](https://cwe.mitre.org/data/definitions/295.html "CWE-295: Improper Certificate Validation").

Two key issues should be addressed:

2 changes: 1 addition & 1 deletion tests/android/MASVS-PLATFORM/MASTG-TEST-0031.md
Expand Up @@ -45,7 +45,7 @@ Devices running platforms older than Android 4.4 (API level 19) use a version of
Dynamic Analysis depends on operating conditions. There are several ways to inject JavaScript into an app's WebView:

- Stored Cross-Site Scripting vulnerabilities in an endpoint; the exploit will be sent to the mobile app's WebView when the user navigates to the vulnerable function.
- Attacker takes a machine-in-the-middle (MITM) position and tampers with the response by injecting JavaScript.
- Attacker takes a Machine-in-the-Middle (MITM) position and tampers with the response by injecting JavaScript.
- Malware tampering with local files that are loaded by the WebView.

To address these attack vectors, check the following:
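Review bot: The changed bullet is the only one of the three written as a clause ("Attacker takes a ... position and tampers with the response") while the other two are noun phrases; for parallel structure suggest "An attacker in a Machine-in-the-Middle (MITM) position tampering with the response by injecting JavaScript". This is also the first place in this commit that introduces the MITM abbreviation, so keeping it here is useful for the files that use "MITM" later.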
2 changes: 1 addition & 1 deletion tests/android/MASVS-STORAGE/MASTG-TEST-0004.md
Expand Up @@ -22,4 +22,4 @@ All data that's sent to third-party services should be anonymized to prevent exp
## Dynamic Analysis

Check all requests to external services for embedded sensitive information.
To intercept traffic between the client and server, you can perform dynamic analysis by launching a machine-in-the-middle (MITM) attack with @MASTG-TOOL-0077 or @MASTG-TOOL-0079. Once you route the traffic through the interception proxy, you can try to sniff the traffic that passes between the app and server. All app requests that aren't sent directly to the server on which the main function is hosted should be checked for sensitive information, such as PII in a tracker or ad service.
To intercept traffic between the client and server, you can perform dynamic analysis by launching a Machine-in-the-Middle (MITM) attack with @MASTG-TOOL-0077 or @MASTG-TOOL-0079. Once you route the traffic through the interception proxy, you can try to sniff the traffic that passes between the app and server. All app requests that aren't sent directly to the server on which the main function is hosted should be checked for sensitive information, such as PII in a tracker or ad service.
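Review bot: The changed line in this Android test names the tools but not the technique, whereas the parallel iOS test tests/ios/MASVS-STORAGE/MASTG-TEST-0054.md in the same commit references @MASTG-TECH-0062 before naming the tools; for consistency, reference the Android interception proxy technique (techniques/android/MASTG-TECH-0011.md, also touched in this commit), e.g. "launching a Machine-in-the-Middle (MITM) attack (@MASTG-TECH-0011), for example using @MASTG-TOOL-0077 or @MASTG-TOOL-0079".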
2 changes: 1 addition & 1 deletion tests/ios/MASVS-CODE/MASTG-TEST-0080.md
Expand Up @@ -21,4 +21,4 @@ Make sure that every entry of the application goes through the updating mechanis

In order to test for proper updating: try downloading an older version of the application with a security vulnerability, either by a release from the developers or by using a third party app-store.
Next, verify whether or not you can continue to use the application without updating it. If an update prompt is given, verify if you can still use the application by canceling the prompt or otherwise circumventing it through normal application usage. This includes validating whether the backend will stop calls to vulnerable backends and/or whether the vulnerable app-version itself is blocked by the backend.
Finally, see if you can play with the version number of a machine-in-the-middled app and see how the backend responds to this (and if it is recorded at all for instance).
Finally, see if you can play with the version number of a "machine-in-the-middled" app and see how the backend responds to this (and if it is recorded at all for instance).
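Review bot: As in the Android update test in this commit, the changed line keeps "machine-in-the-middled" lowercase inside quotes while every other occurrence is capitalized, and the verbed form reads awkwardly; suggest "the version number sent by an app whose traffic is routed through an interception proxy" so both test files use the same wording.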
2 changes: 1 addition & 1 deletion tests/ios/MASVS-CODE/MASTG-TEST-0085.md
Expand Up @@ -60,7 +60,7 @@ The result of the steps above can now be used as input for searching different v
>
> 1. If the developer packs all dependencies in terms of its own support library using a .podspec file, then this .podspec file can be checked with the experimental CocoaPods podspec checker.
> 2. If the project uses CocoaPods in combination with Objective-C, SourceClear can be used.
> 3. Using CocoaPods with HTTP-based links instead of HTTPS might allow for machine-in-the-middle attacks during the download of the dependency, allowing an attacker to replace (parts of) the library with other content. Therefore, always use HTTPS.
> 3. Using CocoaPods with HTTP-based links instead of HTTPS might allow for Machine-in-the-Middle attacks during the download of the dependency, allowing an attacker to replace (parts of) the library with other content. Therefore, always use HTTPS.
You can utilize the [OWASP Dependency-Check](https://owasp.org/www-project-dependency-check/ "OWASP Dependency-Check")'s experimental [CocoaPods Analyzer](https://jeremylong.github.io/DependencyCheck/analyzers/cocoapods.html "dependency-check - CocoaPods Analyzer")
to identify the [Common Platform Enumeration (CPE)](https://nvd.nist.gov/products/cpe "CPE") naming scheme of all dependencies and any corresponding [Common Vulnerability and Exposure (CVE)](https://cve.mitre.org/ "CVE") entries. Scan the application's \*.podspec and/or Podfile.lock files and generate a report of known vulnerable libraries with the following command:
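Review bot: Markdown issue in the context lines just after the changed item: "You can utilize the [OWASP Dependency-Check]..." follows "> 3. ..." with no blank line in between, so it is parsed as a lazy continuation of the block-quoted list item and renders inside the quote; insert a blank line between the quoted list and that paragraph.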
2 changes: 1 addition & 1 deletion tests/ios/MASVS-NETWORK/MASTG-TEST-0067.md
Expand Up @@ -14,7 +14,7 @@ masvs_v1_levels:

## Static Analysis

Using TLS to transport sensitive information over the network is essential for security. However, encrypting communication between a mobile application and its backend API is not trivial. Developers often decide on simpler but less secure solutions (e.g., those that accept any certificate) to facilitate the development process, and sometimes these weak solutions make it into the production version, potentially exposing users to [machine-in-the-middle attacks](https://cwe.mitre.org/data/definitions/295.html "CWE-295: Improper Certificate Validation").
Using TLS to transport sensitive information over the network is essential for security. However, encrypting communication between a mobile application and its backend API is not trivial. Developers often decide on simpler but less secure solutions (e.g., those that accept any certificate) to facilitate the development process, and sometimes these weak solutions make it into the production version, potentially exposing users to [Machine-in-the-Middle attacks](https://cwe.mitre.org/data/definitions/295.html "CWE-295: Improper Certificate Validation").

These are some of the issues should be addressed:
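Review bot: The context line "These are some of the issues should be addressed:" below the changed paragraph is missing a relative pronoun; suggest "These are some of the issues that should be addressed:" or, to match the Android counterpart in this commit, "Key issues that should be addressed:".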

2 changes: 1 addition & 1 deletion tests/ios/MASVS-STORAGE/MASTG-TEST-0054.md
Expand Up @@ -32,4 +32,4 @@ All data that's sent to third-party services should be anonymized to prevent exp
## Dynamic Analysis

Check all requests to external services for embedded sensitive information.
To intercept traffic between the client and server, you can perform dynamic analysis by launching a machine-in-the-middle (MITM) attack (@MASTG-TECH-0062), for example using @MASTG-TOOL-0077 or @MASTG-TOOL-0079. Once you route the traffic through the interception proxy, you can try to sniff the traffic that passes between the app and server. All app requests that aren't sent directly to the server on which the main function is hosted should be checked for sensitive information, such as PII in a tracker or ad service.
To intercept traffic between the client and server, you can perform dynamic analysis by launching a Machine-in-the-Middle (MITM) attack (@MASTG-TECH-0062), for example using @MASTG-TOOL-0077 or @MASTG-TOOL-0079. Once you route the traffic through the interception proxy, you can try to sniff the traffic that passes between the app and server. All app requests that aren't sent directly to the server on which the main function is hosted should be checked for sensitive information, such as PII in a tracker or ad service.
2 changes: 1 addition & 1 deletion tools/network/MASTG-TOOL-0076.md
Expand Up @@ -4,7 +4,7 @@ platform: network
source: https://github.com/bettercap/bettercap
---

A powerful framework which aims to offer to security researchers and reverse engineers an easy to use, all-in-one solution for Wi-Fi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance. It can be used during network penetration tests in order to simulate a machine-in-the-middle (MITM) attack. This is achieved by executing [ARP poisoning or spoofing](https://en.wikipedia.org/wiki/ARP_spoofing "ARP poisoning/spoofing") to the target computers. When such an attack is successful, all packets between two computers are redirected to a third computer that acts as the machine-in-the-middle and is able to intercept the traffic for analysis.
A powerful framework which aims to offer to security researchers and reverse engineers an easy to use, all-in-one solution for Wi-Fi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance. It can be used during network penetration tests in order to simulate a Machine-in-the-Middle (MITM) attack. This is achieved by executing [ARP poisoning or spoofing](https://en.wikipedia.org/wiki/ARP_spoofing "ARP poisoning/spoofing") to the target computers. When such an attack is successful, all packets between two computers are redirected to a third computer that acts as the Machine-in-the-Middle and is able to intercept the traffic for analysis.

> bettercap is a powerful tool to execute MITM attacks and should be preferred nowadays, instead of ettercap. See also [Why another MITM tool?](https://www.bettercap.org/legacy/#why-another-mitm-tool "Why another MITM tool?") on the bettercap site.
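Review bot: In the changed paragraph, "an easy to use, all-in-one solution" should hyphenate "easy-to-use", and "executing ARP poisoning or spoofing to the target computers" reads better as "against the target computers". The quoted note below links to bettercap's legacy documentation (www.bettercap.org/legacy/#why-another-mitm-tool); worth confirming that anchor still resolves on the current site before keeping the link.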
2 changes: 1 addition & 1 deletion tools/network/MASTG-TOOL-0077.md
Expand Up @@ -6,7 +6,7 @@ source: https://portswigger.net/burp/communitydownload

Burp Suite is an integrated platform for performing security testing mobile and web applications.

Its tools work together seamlessly to support the entire testing process, from initial mapping and analysis of attack surfaces to finding and exploiting security vulnerabilities. Burp Proxy operates as a web proxy server for Burp Suite, which is positioned as a machine-in-the-middle between the browser and web servers. Burp Suite allows you to intercept, inspect, and modify incoming and outgoing raw HTTP traffic.
Its tools work together seamlessly to support the entire testing process, from initial mapping and analysis of attack surfaces to finding and exploiting security vulnerabilities. Burp Proxy operates as a web proxy server for Burp Suite, which is positioned as a Machine-in-the-Middle between the browser and web servers. Burp Suite allows you to intercept, inspect, and modify incoming and outgoing raw HTTP traffic.

Setting up Burp to proxy your traffic is pretty straightforward. We assume that both your device and host computer are connected to a Wi-Fi network that permits client-to-client traffic.
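Review bot: The context line "Burp Suite is an integrated platform for performing security testing mobile and web applications." is missing "of" ("security testing of mobile and web applications"), and the changed paragraph is the master copy of text duplicated in techniques/ios/MASTG-TECH-0063.md in this same commit; fixing the grammar here and having the technique page reference @MASTG-TOOL-0077 instead of repeating the paragraph would avoid patching both files in future commits like this one.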
