In computer security, a man-in-the-middle (MITM) attack, also known as a hijack attack, is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
What is the goal of a MITM attack?
The goal of the attack is to steal information, such as login credentials,
account details and credit card numbers. Targets are typically the users of
financial applications, SaaS businesses, e-commerce sites and other websites
where logging in is required.
Information obtained during an attack could be used for many purposes, including identity theft or password changes.
A MITM attack is as if the attacker acted as a mailman who could open your bank statement, write down your account details, then reseal the envelope and deliver it to your door.
How does it work?
A man-in-the-middle attack proceeds in two principal stages:
Inspection
To inspect user traffic, the attacker intercepts the victim's network. The most common way of doing this is for the attacker to make free, malicious WiFi hotspots available to the public.
Then the attacker launches several attacks:
1. IP spoofing: involves an attacker disguising himself as an application by altering packet headers in an IP address. As a result users attempt to access URL
2. ARP spoofing: the process by which the attacker's MAC address is linked with the IP address of the victim on a local area network using fake ARP messages. As a result, data sent by the user to the server, for example bank account login information, is instead transmitted to the attacker.
3. DNS spoofing, also known as DNS cache poisoning: involves infiltrating a DNS server and altering a website's address record. As a result, users attempting to access the site are instead sent by the DNS to the attacker's website.
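A defender can watch for the ARP spoofing described in item 2 by tracking which MAC address answers for each IP. The following is an added example, not part of the original post; the function names and the sample ARP replies (addresses included) are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (seconds, sender IP, sender MAC).
# Addresses are made up for illustration; 192.168.1.1 plays the gateway.
SAMPLE_REPLIES = [
    (0.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (1.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (2.0, "192.168.1.66", "aa:aa:aa:aa:aa:66"),
    (5.0, "192.168.1.1", "aa:aa:aa:aa:aa:66"),   # gateway IP now claimed by .66's MAC
    (5.5, "192.168.1.1", "AA-AA-AA-AA-AA-66"),   # same claim, different notation
    (9.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
]


def normalize_mac(mac):
    """Lower-case and use ':' so the same MAC in two notations compares equal."""
    return mac.strip().lower().replace("-", ":")


def find_arp_anomalies(replies):
    """Return alerts for IP->MAC bindings that change and MACs claiming several IPs."""
    ip_to_mac = {}                 # first binding learned for each IP
    mac_to_ips = defaultdict(set)  # every IP a MAC has claimed
    alerts = []
    seen = set()                   # de-duplicate repeated alerts
    for ts, ip, raw_mac in sorted(replies):
        mac = normalize_mac(raw_mac)
        known = ip_to_mac.setdefault(ip, mac)
        if known != mac and ("changed", ip, mac) not in seen:
            seen.add(("changed", ip, mac))
            alerts.append({"type": "binding_changed", "time": ts, "ip": ip,
                           "old_mac": known, "new_mac": mac})
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1 and ("multi", mac, ip) not in seen:
            seen.add(("multi", mac, ip))
            alerts.append({"type": "mac_claims_multiple_ips", "time": ts,
                           "mac": mac, "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_REPLIES):
        print(alert)
```

Both alert types can also fire for legitimate reasons, such as a DHCP lease moving to another device or a host with several addresses, so treat them as leads to verify rather than proof of an attack.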
Data Decryption
After the attacker has managed to collect the user's data using the methods explained above, the attacker needs to decrypt SSL traffic:
1. SSL stripping: the attacker intercepts the TLS authentication sent from the application to the user. The attacker sends an unencrypted version of the application's site to the user while maintaining the secured session with the application.
2. SSL hijacking: this occurs when the attacker passes masked authentication keys to the user and the application during TCP. This sets up what appears to be a secure connection when, in fact, the man in the middle controls the entire session.
3. SSL BEAST (browser exploit against SSL/TLS): targets certain TLS versions where the victim's computer is vulnerable to malicious JavaScript that steals encrypted cookies sent by a web application.
4. HTTPS spoofing (spoofing means disguising): the attacker sends the victim's browser a dummy certificate that holds a digital fingerprint, which makes the attacker able to access any data entered by the victim before it is passed to the application.
How to protect your data from this attack?
1. Strong WEP/WPA Encryption
In order to prevent unwanted users from joining your network, you need a strong encryption mechanism to protect your wireless access points.
2. SSL certificate
HTTPS can be used to protect your communication where an attacker may be sniffing. Users can install browser plugins to enforce always using HTTPS on requests.