Man In The Middle (MITM) Attack Explained

In computer security, a man-in-the-middle attack, also known as a hijack attack, is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.

What is the goal of a MITM attack?

The goal of the attack is to steal information, such as login credentials, account details and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is required.
Information obtained during an attack could be used for many purposes, including identity theft or password change.
A MITM attack is like a mailman who opens your bank statement, writes down your account details, then reseals the envelope and delivers it to your door.

How does it work?

A man-in-the-middle attack proceeds in two principal stages:


To inspect user traffic, the attacker first intercepts the victim's network. The most common way of doing this is to make free, malicious WiFi hotspots available to the public.
Then the attacker launches several attacks:

1. IP spoofing: involves an attacker disguising himself as an application by altering packet headers in an IP address. As a result users attempt to access URL

2. ARP spoofing: the process by which the attacker's MAC address is linked with the IP address of the victim on a local area network using fake ARP messages. As a result, data sent by the user to the server, for example bank account login information, is instead transmitted to the attacker.

3. DNS spoofing: also known as DNS cache poisoning, involves infiltrating a DNS server and altering a website's address record. As a result, users attempting to access the site are sent by the DNS to the attacker's website instead.
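The ARP spoofing in item 2 leaves a trace a defender can look for: an IP address suddenly answering from a different MAC, or one MAC answering for several IPs. The following is an added example, not code from the original post; the sample replies, the function names and the `pinned` parameter (known-good IP to MAC bindings, such as the gateway) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: (timestamp, sender IP, sender MAC) from ARP replies.
SAMPLE_REPLIES = [
    (1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway, genuine binding
    (2.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (3.0, "192.168.1.30", "aa:aa:aa:aa:aa:66"),
    (4.0, "192.168.1.1", "aa:aa:aa:aa:aa:66"),   # gateway IP claimed by .30's MAC
    (5.0, "192.168.1.1", "aa:aa:aa:aa:aa:66"),
    (6.0, "192.168.1.20", "AA-AA-AA-AA-AA-20"),  # same MAC, different notation
]


def normalize_mac(mac):
    """Lower-case and use ':' so the same MAC in two notations compares equal."""
    return mac.lower().replace("-", ":")


def find_arp_anomalies(replies, pinned=None):
    """Return alert tuples for suspicious IP/MAC bindings in ARP replies.

    pinned: optional {ip: mac} of known-good bindings (hypothetical parameter).
    A pinned IP is never re-learned, so a spoof seen first is still caught.
    Legitimate causes (DHCP reassignment, failover, proxy ARP) also trigger
    these alerts, so treat them as leads to verify, not as proof.
    """
    pinned = {ip: normalize_mac(m) for ip, m in (pinned or {}).items()}
    ip_to_mac = dict(pinned)
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = normalize_mac(mac)
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            kind = "pinned_mismatch" if ip in pinned else "ip_rebound"
            alerts.append((kind, ts, ip, known, mac))
        if ip not in pinned:
            ip_to_mac[ip] = mac
        owners = mac_to_ips[mac]
        if owners and ip not in owners:  # this MAC now answers for another IP
            alerts.append(("mac_multiple_ips", ts, mac, sorted(owners | {ip})))
        owners.add(ip)
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_REPLIES):
        print(alert)
```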

Data Decryption

After the attacker has managed to collect the user's data using the methods explained above, the attacker needs to decrypt the SSL traffic. This can be done in several ways:
1. SSL stripping: the attacker intercepts the TLS authentication sent from the application to the user. The attacker sends an unencrypted version of the application's site to the user while maintaining the secured session with the application.
2. SSL hijacking: this occurs when the attacker passes masked authentication keys to the user and the application during TCP. This sets up what appears to be a secure connection when, in fact, the man in the middle controls the entire session.
3. SSL BEAST (browser exploit against SSL/TLS): targets a certain TLS version, where the victim's computer is vulnerable to malicious JavaScript that steals encrypted cookies sent by the web application.
4. HTTPS spoofing: spoofing means disguising. The attacker sends a dummy certificate, which holds a digital fingerprint, to the victim's browser so that the attacker is able to access any data entered by the victim before it is passed to the application.

How to protect your data from this attack?

1. Strong WEP/WPA Encryption
To prevent unwanted users from joining your network, you need a strong encryption mechanism protecting your wireless access points.

2. SSL certificate
HTTPS can be used to protect your communication from an attacker who may be sniffing it, and users can install browser plugins that enforce always using HTTPS on requests.

Stay safe with Tech4allgeeks.

About Author
Hisham Elreedy is a Digital Electronics Engineer, Graphics Designer, Blogger and YouTuber, inspired to teach all he knows from his experience studying undergraduate engineering by creating useful posts.