What is a Man in the middle attack?

“A man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example of man-in-the-middle attacks is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker”.


The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of an unencrypted wireless access point (Wi-Fi) could insert himself as a man-in-the-middle.

Purpose of Man in the middle attack:

The goal of this attack is to steal personal information, such as login credentials, account details, and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is required.

Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers or an illicit password change.


Execution of Man in the middle attack:

Successful MITM execution has two distinct phases: Interception and Decryption.

Interception:

The first step routes the user’s traffic through a network path the attacker controls before it reaches its intended destination.

The most common (and simplest) way of doing this is to stand up a rogue Wi-Fi hotspot and offer it free to the public. Such hotspots are typically named after their location (a cafe, hotel or airport) and are left open, with no password. Once a victim connects, every connection the victim makes passes through hardware the attacker controls: anything sent without TLS can be read and modified in the clear, and even encrypted sessions reveal metadata such as which hostnames are being visited. Although the attacker does nothing further once the hotspot is up, this is not truly passive, since running the hotspot is itself the active step.

Attackers wishing to take a more active approach to interception may launch one of the following attacks:

  • IP spoofing involves forging the source IP address in packet headers so that traffic appears to come from a trusted host, letting the attacker’s packets be accepted in place of a legitimate party’s. On its own it mainly defeats address-based trust; redirecting a user who types a URL to the attacker’s server relies on the ARP or DNS tricks below.
  • ARP spoofing sends forged ARP replies on a local area network so that the victim’s ARP cache maps the IP address of the gateway (or another legitimate host) to the attacker’s MAC address. As a result, frames the victim sends to that IP address are delivered to the attacker, who forwards them onward so that the victim notices nothing.
  • DNS spoofing, also known as DNS cache poisoning, plants a forged address record in a resolver’s cache, or answers the victim’s own lookups with a forged reply, so that the site’s name resolves to the attacker’s IP address. As a result, users attempting to access the site are sent by the poisoned record to the attacker’s server. This does not require breaking into the DNS server; a forged reply that arrives before the real one is enough.

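The ARP spoofing entry above describes forged replies re-binding the gateway’s IP address to the attacker’s MAC. The following Python is an added example, not code from the original article: it builds the raw Ethernet/ARP reply frame an attacker would send (the same RFC 826 layout a legitimate reply uses), parses such frames, and runs a simple detector over a constructed sequence of replies that flags the moment the gateway’s IP is claimed by a second MAC. All addresses are made up.

```python
import struct

ETH_P_ARP = 0x0806   # EtherType for ARP
ARP_REPLY = 2        # ARP opcode: reply


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Raw Ethernet frame carrying an ARP reply.

    In a legitimate reply sender_ip and sender_mac belong to the same host.
    An ARP-spoofing attacker puts the gateway's IP in sender_ip but its OWN
    interface in sender_mac, so the victim re-points its gateway at the attacker.
    """
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=Ethernet(1), ptype=IPv4(0x0800), hlen=6, plen=4, opcode=reply
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    opcode = struct.unpack("!H", frame[20:22])[0]
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return opcode, sender_mac, sender_ip


def detect_arp_spoof(frames, protected_ips):
    """Alert when an ARP reply binds a protected IP (e.g. the gateway) to a MAC
    other than the one first seen for it: the classic sign of cache poisoning."""
    first_seen = {}
    alerts = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue
        _, mac, ip = parsed
        if ip not in protected_ips:
            continue
        known = first_seen.setdefault(ip, mac)
        if known != mac:
            alerts.append((ip, known, mac))
    return alerts


# Constructed sample (made-up addresses): the real gateway answers, the attacker
# forges a reply claiming the gateway's IP, then the real gateway answers again.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "aa:bb:cc:00:00:01"
VICTIM_IP, VICTIM_MAC = "192.168.1.20", "aa:bb:cc:00:00:20"
ATTACKER_MAC = "de:ad:be:ef:00:01"

SAMPLE_FRAMES = [
    build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
    build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),  # spoofed
    build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
]

if __name__ == "__main__":
    for ip, expected, seen in detect_arp_spoof(SAMPLE_FRAMES, {GATEWAY_IP}):
        print(f"ARP spoof suspected: {ip} was {expected}, now claimed by {seen}")
```

The detector only remembers the first MAC seen for each protected address, which is how tools such as arpwatch reason about it; on a real network you would seed that table from a known-good inventory rather than trusting whichever reply arrives first.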
Decryption:

After the interception, any TLS-protected traffic (what this article calls two-way SSL traffic) has to be read or altered without alerting the user or the application. TLS is designed to make exactly that impossible for an on-path attacker, so each of the methods below works by getting the client to accept something weaker: a certificate it should not trust, an old cipher mode, or no TLS at all.

  • HTTPS spoofing presents a forged certificate to the victim’s browser once the initial connection request to a secure site is made. The browser checks the certificate’s chain against its store of trusted certificate authorities (not a list of trusted sites), so this only succeeds silently when the attacker holds a certificate the browser will accept, such as a misissued certificate or one issued by a rogue CA installed on the victim’s device, or when the victim clicks through the warning. Once the forged certificate is accepted, the attacker terminates TLS, reads any data entered by the victim and relays it to the real application.
  • SSL BEAST (Browser Exploit Against SSL/TLS) targets a weakness in the cipher block chaining (CBC) mode as used by TLS 1.0 and SSL 3.0, where the IV for each record is the last ciphertext block of the previous record and is therefore predictable. Malicious JavaScript running in the victim’s browser makes the browser issue requests containing plaintext the attacker chose, and the attacker, watching the encrypted traffic, uses the predictable IV to recover the session cookie or authentication token one byte at a time. TLS 1.1 and later use a fresh IV per record and are not affected.
  • SSL hijacking occurs when an attacker terminates the TLS handshake on both sides: it presents its own certificate and keys to the user and opens a separate TLS session to the application, relaying between the two. Each side sees what appears to be a secure connection when, in fact, the man in the middle controls the entire session. As with HTTPS spoofing, this is only silent if the user’s browser accepts the attacker’s certificate.
  • SSL stripping downgrades an HTTPS connection to HTTP. The attacker intercepts the user’s first plaintext request (for example, a hostname typed without https://), fetches the page from the application over TLS, and rewrites every https:// link and redirect to http:// before passing it to the user. The attacker maintains the secured session with the application while the user’s entire session travels in the clear and is fully visible. HTTP Strict Transport Security (HSTS), especially with preloading, is the defence: the browser then refuses to talk plain HTTP to the site at all.

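SSL stripping, as described in the last bullet, works entirely by rewriting what the application sends. This Python block is an added example, not code from the original page: strip_response() performs the attacker’s rewrite on a constructed response from a fictional bank.example, and the record_hsts()/resolve_scheme() pair models the browser-side HSTS behaviour that defeats it. The hostname and the sample response are assumptions for illustration.

```python
import re


def parse_response(raw: bytes):
    """Split a raw HTTP response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status, *lines = head.decode("latin-1").split("\r\n")
    headers = [tuple(p.strip() for p in line.split(":", 1)) for line in lines if ":" in line]
    return status, headers, body


def strip_response(raw: bytes) -> bytes:
    """What an SSL-stripping proxy does to a response it fetched over TLS before
    handing it to the victim over plain HTTP: downgrade https:// redirect targets
    and links to http://, and drop Strict-Transport-Security so the browser is
    never told to insist on TLS for this host."""
    status, headers, body = parse_response(raw)
    kept = []
    for name, value in headers:
        if name.lower() == "strict-transport-security":
            continue
        if name.lower() == "location":
            value = value.replace("https://", "http://")
        kept.append(f"{name}: {value}")
    body = body.replace(b"https://", b"http://")
    return "\r\n".join([status, *kept]).encode("latin-1") + b"\r\n\r\n" + body


# Browser-side HSTS model (simplified RFC 6797 behaviour).

def record_hsts(cache: dict, host: str, headers, over_tls: bool) -> None:
    """Browsers only honour Strict-Transport-Security received over TLS, which is
    why the proxy above removes it: over plain HTTP it would be ignored anyway."""
    if not over_tls:
        return
    for name, value in headers:
        if name.lower() == "strict-transport-security":
            m = re.search(r"max-age=(\d+)", value)
            if m and int(m.group(1)) > 0:
                cache[host] = int(m.group(1))


def resolve_scheme(cache: dict, host: str, requested: str) -> str:
    """A host in the HSTS cache is upgraded to https before any request leaves
    the browser, so there is no plaintext request for the attacker to strip."""
    return "https" if host in cache else requested


SERVER_RESPONSE = (  # constructed: what bank.example sends to the proxy over TLS
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Location: https://bank.example/login\r\n"
    b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b'<a href="https://bank.example/login">Log in</a>'
)

if __name__ == "__main__":
    stripped = strip_response(SERVER_RESPONSE)
    print(stripped.decode("latin-1"))
    # First-ever visit, already behind the proxy: HSTS never seen, next request stays http.
    cold = {}
    record_hsts(cold, "bank.example", parse_response(stripped)[1], over_tls=False)
    print("cold browser ->", resolve_scheme(cold, "bank.example", "http"))
    # Browser that reached the real site over TLS earlier: upgraded before the proxy sees it.
    warm = {}
    record_hsts(warm, "bank.example", parse_response(SERVER_RESPONSE)[1], over_tls=True)
    print("warm browser ->", resolve_scheme(warm, "bank.example", "http"))
```

The “cold browser” case is the gap HSTS preloading closes: a browser that has never visited the site over TLS has no cached policy, so only a preloaded entry shipped with the browser can force the first request onto HTTPS.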
Prevention from Man in the middle attack:

Blocking MITM attacks requires several practical steps on the part of users, as well as a combination of encryption and verification methods for applications.

For users, this means:

  • Avoiding Wi-Fi networks that aren’t password protected, and remembering that a password does not make a hotspot run by an attacker any safer.
  • Paying attention to browser warnings about certificates and “Not secure” indicators, and never clicking through a certificate warning.
  • Logging out of a secure application as soon as it’s not in use.
  • Not using public networks (e.g., coffee shops, hotels) when conducting sensitive transactions.

For website operators, secure communication protocols, meaning TLS (the protocol behind HTTPS), help mitigate these attacks by encrypting and authenticating transmitted data. TLS does not stop an attacker from intercepting the traffic, but it prevents the attacker from reading or altering it, and the certificate check exposes an impostor endpoint. Operators should also send an HSTS header (and submit the domain for preloading) so that browsers refuse to connect over plain HTTP, which defeats SSL stripping.

It is considered best practice for applications to use TLS on every page of their site and not just on the pages that require users to log in. Doing so helps decrease the chance of an attacker stealing session cookies from a user browsing an unsecured section of a website while logged in; marking the session cookie with the Secure attribute ensures the browser never sends it over plain HTTP even if such a page slips through.
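To check a deployed site for the operator-side measures above, here is an added Python example (not from the article) that audits a constructed HTTP response for an HSTS header with a long enough max-age, Secure and HttpOnly attributes on every cookie, and http:// links in the body. The two sample responses and the bank.example hostname are made up.

```python
import re


def split_response(raw: bytes):
    """Return ([(name, value)], body) for a raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")[1:]   # drop the status line
    return [tuple(p.strip() for p in line.split(":", 1)) for line in lines if ":" in line], body


def audit_response(raw: bytes, min_hsts_age: int = 31536000) -> list:
    """Findings for a response the site serves over TLS. An empty list means the
    operator-side measures from the text are all present."""
    headers, body = split_response(raw)
    findings = []

    hsts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("no Strict-Transport-Security header: SSL stripping stays possible")
    else:
        m = re.search(r"max-age=(\d+)", hsts[0])
        if not m or int(m.group(1)) < min_hsts_age:
            findings.append(f"HSTS max-age shorter than {min_hsts_age} seconds")

    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        cookie_name = v.split("=", 1)[0]
        # attributes after the first ';' (Path, Secure, HttpOnly, SameSite, ...)
        attrs = {a.strip().split("=", 1)[0].lower() for a in v.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name} lacks Secure: browser will send it over plain HTTP")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name} lacks HttpOnly: readable by page scripts")

    if re.search(rb'(?:href|src|action)="http://', body):
        findings.append("body links to http:// resources: a downgrade foothold")
    return findings


# Constructed samples for a fictional bank.example.
WEAK_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: session=7f3a9c; Path=/\r\n"
    b"\r\n"
    b'<a href="http://bank.example/help">Help</a>'
)

HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Strict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\n"
    b"Set-Cookie: session=7f3a9c; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    b"\r\n"
    b'<a href="https://bank.example/help">Help</a>'
)

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(resp) or ["ok"])
```

The one-year minimum for max-age matches what the HSTS preload list requires; a short max-age leaves a window after expiry in which the next plain-HTTP request can be stripped again.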


8 Responses

  1. Heya, I am here for the first time. I found this board and I find it really helpful; it helped me out much.

    I hope to offer something back and aid others such as you aided me. https://kasino.vin/downloads/76-download-rollex11

  2. Nice replies in return of this query with genuine arguments and describing everything regarding that.

  3. On one other hand, composing articles, it’s always good to note a clean page at reach. The average reader doesn’t take period to look into the whole article but they analyze for key factors of your article. https://918kiss.poker/downloads

  4. It’s like you read my mind! You appear to know so much about this, like you wrote the book in it or something. I think that you can do with some pics to drive the message home a little bit, but other than that, this is a magnificent blog. A fantastic read. I will definitely be back.

  5. Hello, yes this post is truly fastidious and I have learned a lot of things from it regarding blogging. Thanks. https://kasino.vin/downloads/67-download-joker123

  6. This design is stellar! You obviously know how to keep a reader entertained.

    Between your wit and your videos, I was almost moved to start my own blog (well, almost…HaHa!) Great job. I really enjoyed what you had to say, and more than that, how you presented it. Too cool!

  7. I was just looking for this information for some time. After 6 hours of continuous Googling, at last I got it on your website. I wonder what is the lack of Google strategy that doesn’t rank this kind of informative web site at the top of the list. Generally the top web sites are full of garbage.
