<<< Hide Navigation Hide TOC >>>

URI Hijacking - T1635.001 (789ef15a-34d9-4b32-a779-8cbbc9eb32f5)

Adversaries may register Uniform Resource Identifiers (URIs) to intercept sensitive data.

Applications regularly register URIs with the operating system to act as a response handler for various actions, such as logging into an app using an external account via single sign-on. This allows redirections to that specific URI to be intercepted by the application. If an adversary were to register for a URI that was already in use by a genuine application, the adversary may be able to intercept data intended for the genuine application or perform a phishing attack against the genuine application. Intercepted data may include OAuth authorization codes or tokens that could be used by the adversary to gain access to protected resources.(Citation: Trend Micro iOS URL Hijacking)(Citation: IETF-PKCE)

Rows: 1

Loading extensions...

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

---

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Close

?

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Attack Pattern		Clear Attack Pattern	Clear 1
Steal Application Access Token - T1635 (233fe2c0-cb41-4765-b454-e0087597fbce)	Attack Pattern	URI Hijacking - T1635.001 (789ef15a-34d9-4b32-a779-8cbbc9eb32f5)	Attack Pattern	1