Man in the middle attack, often abbreviated as MitM, is a kind of attack in which an attacker intercepts all the communication between two or more machines. It is one of the most prevalent network attacks. Considered an active eavesdropping attack, MitM works by establishing independent connections to the victims' machines and relaying messages between them.
In such a scenario, both hosts believe that they are communicating directly with one another, when in reality the whole traffic flows through the host performing the attack. Hence the attacking host can not only intercept sensitive data, but can also inject into and manipulate the data stream to gain further control of the victims.
(Figure: Representation of Man in the Middle attack.)
MitM attack can be used for doing various tasks:
- ARP (Address Resolution Protocol) poisoning, or APR (ARP Poison Routing).
(Figure: ARP Communication Process)
(Figure: ARP Cache Poisoning)
- DNS (Domain Name System) spoofing.
- Session hijacking.
- SSL hijacking.
Commonly used tools:
- Cain & Abel
- Wireshark
- Ettercap
- dsniff
- PacketCreator
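The ARP cache poisoning listed above is detectable from the defender's side with an arpwatch-style check: remember the first IP-to-MAC binding seen for each address and flag any ARP reply that rebinds a known IP, as well as any MAC that ends up claiming several IPs (the poisoner typically claims both the gateway and the victim). This is an added example, not code from the original post; the reply lines are constructed in a tcpdump-like "ip is-at mac" form and the baseline is simply the first reply seen.

```python
"""Detect ARP cache poisoning from a stream of ARP replies (defender-side)."""
from collections import defaultdict

# Constructed sample ARP replies in a tcpdump-like "<ip> is-at <mac>" form.
SAMPLE_REPLIES = [
    "192.168.1.1 is-at 00:11:22:33:44:01",   # legitimate gateway
    "192.168.1.10 is-at 00:11:22:33:44:10",  # legitimate victim
    "192.168.1.1 is-at de:ad:be:ef:00:01",   # poison: gateway rebound to another MAC
    "192.168.1.10 is-at de:ad:be:ef:00:01",  # poison: victim rebound to the same MAC
    "192.168.1.1 is-at 00:11:22:33:44:01",   # genuine gateway reply seen again
]


def parse_reply(line):
    """Split one reply line into (ip, mac); MACs are normalised to lower case."""
    ip, keyword, mac = line.split()
    if keyword != "is-at":
        raise ValueError("not an ARP reply: " + line)
    return ip, mac.lower()


def detect_poisoning(replies):
    """Return a list of alert tuples.

    ("changed", ip, baseline_mac, new_mac) for a reply that contradicts the
    first binding seen for that IP; ("multi_ip", mac, [ips...]) for a MAC
    that answered for more than one IP. A legitimate NIC swap or failover
    also produces "changed", so a real deployment refreshes the baseline
    from an authoritative source (e.g. a static inventory) instead.
    """
    baseline = {}                 # ip -> first MAC observed
    ips_by_mac = defaultdict(set) # mac -> set of IPs it claimed
    alerts = []
    for line in replies:
        ip, mac = parse_reply(line)
        known = baseline.setdefault(ip, mac)
        if known != mac:
            alerts.append(("changed", ip, known, mac))
        ips_by_mac[mac].add(ip)
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            alerts.append(("multi_ip", mac, sorted(ips)))
    return alerts


if __name__ == "__main__":
    for alert in detect_poisoning(SAMPLE_REPLIES):
        print(alert)
```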
MitM attack can also be done over an HTTPS connection, by establishing two independent SSL sessions, one over each TCP connection. The browser sets up an SSL connection with the attacker, and the attacker establishes another SSL connection with the web server.
In general, the browser warns the user. To avoid that, the attacker may compromise the server certificate, or obtain a certificate signed by a trusted CA (Certificate Authority) with the same CN (Common Name) as that of the original website.