Javatpoint Logo
Javatpoint Logo

MITM Attack Progression

In two distinct phases, MITM execution will be successful, which are decryption and interception. In interception, the attacker stays in between the data stream, ready to capture the data, collect the received data, sell or reuse the data. In decryption, data is sent by an attacker, analyzes the used encryption techniques like HTTPS, etc. try to decrypt the data and reuse it.

Interception

In the first step, we use the attacker's network and intercept user traffic before reaching its desired location. For doing this, the passive attack is the simplest and most common. In this attack, attackers create malicious Wi-Fi hotspots that are freely available to the public, which means they are not password protected. The name of this type of Wi-Fi generally corresponds to their location. When such hotspots are connected by any user or victim, the attackers gain full access to online data exchange. A more active approach is taken by attackers to interception may launch any of the following attacks:

IP spoofing

An IP address is contained by all the system which is connected to the network. An IP address is also provided by many corporate internal networks to the system. In IP spoofing, attackers alter the header of a package in an IP address and disguise themselves as an application. As a result, the URL connected to the application tries to access by the users and send to the attacker's website. In this case, DOS may be used by an attacker to perform MITM attacks, where the attacker acts between two systems as a middleware.

ARP spoofing

ARP means Address Resolution Protocol. It is used in a local area network to resolve the IP address to corresponding MAC addresses. To locate the device in a network and to identify the device's MAC address, an IP address is used. In an ARP poisoning attack, attackers link their MAC address to the legitimate user's IP. Then to establish a connection to the attacker system, it sends a constant series of ARP messages. As a result, data is transmitted to the attacker, which the user sends to the host IP address.

DNS Spoofing

DNS means Domain name system. DNS is used to resolve the IP address to its domain names like "javatpoint.com" and vice versa. In this attack, the DNS cache of the target device is corrupted by the attacker and rewriting it. Attacker alters the DNS recodes and redirects to the vulnerability server. As a result, an altered DNS record is sent to the attacker's site, and the users try to access this site. Where, 32.21.12.23 port number resolves the www.stupidonlinebank.com. The DNS cache is poisoned by the attacker, and it redirects the user to "19.168.0.10'. In this port, a fake phishing site is deployed by an attacker, and that site is ready to collect the entered details.

Decryption

Now without alerting the application or user, decryption is needed on two-way SSL traffic. To achieve this, various methods are as follows:

HTTPS Spoofing

When the initial connection is made to a protected site, the victim's browser receives a fake certificate from the attacker. The certificate holds the thumbprint, and a compromised application is associated with it. The thumbprint is verified by the browser-based on an existing list of trusted sites leaving the attacker to access any data which is entered by the user before it is passed to the application.

SSL Beast

It is used in SSL to target a TSL version 1.0. Here, malicious JavaScript is injected into the victim's computer that is used to intercept the encrypted cookies, which are sent by the web application. Now to authentication tokens and decrypt the cookies, the cipher block chaining of the app is compromised.

SSL Hijacking

SSL hijacking occurs during the TCP (transmission control protocol) handshakes when an attacker passes forged authentication keys to both the application and the user. It is used to compromise social media accounts. Most websites of social media store session browser cookies on the user's system. When the browser hijacks and malware is injected on the user's machine, this type of attack mainly occurs. It will also occur when session cookies are stolen by the attacker. When the entire session is controlled by a man in the middle, this sets up what appears to be a secure connection.

SSL Stripping

In 100% of websites, around 70% of websites are still working on the insecure and generic HTTP ports. This provides the backward capability and extensive availability of the application to the users. Using this, the secure HTTPS connection can be downgraded to a basic HTTP connection. An attacker can use the HTTP connection to sniff the packets, read them. Now the users are browsing an unencrypted website, so the attacker can also alter the packet on the spot.

Next TopicPrevention of MITM attack




Youtube For Videos Join Our Youtube Channel: Join Now

Feedback

Help Others, Please Share

facebook twitter pinterest

Learn Latest Tutorials

Splunk tutorial

Splunk
SPSS tutorial

SPSS
Swagger tutorial

Swagger
T-SQL tutorial

Transact-SQL
Tumblr tutorial

Tumblr
React tutorial

ReactJS
Regex tutorial

Regex
Reinforcement learning tutorial

Reinforcement Learning
R Programming tutorial

R Programming
RxJS tutorial

RxJS
React Native tutorial

React Native
Python Design Patterns

Python Design Patterns
Python Pillow tutorial

Python Pillow
Python Turtle tutorial

Python Turtle
Keras tutorial

Keras

Preparation

Aptitude

Aptitude
Logical Reasoning

Reasoning
Verbal Ability

Verbal Ability
Interview Questions

Interview Questions
Company Interview Questions

Company Questions

Trending Technologies

Artificial Intelligence

Artificial Intelligence
AWS Tutorial

AWS
Selenium tutorial

Selenium
Cloud Computing

Cloud Computing
Hadoop tutorial

Hadoop
ReactJS Tutorial

ReactJS
Data Science Tutorial

Data Science
Angular 7 Tutorial

Angular 7
Blockchain Tutorial

Blockchain
Git Tutorial

Git
Machine Learning Tutorial

Machine Learning
DevOps Tutorial

DevOps

B.Tech / MCA

DBMS tutorial

DBMS
Data Structures tutorial

Data Structures
DAA tutorial

DAA
Operating System

Operating System
Computer Network tutorial

Computer Network
Compiler Design tutorial

Compiler Design
Computer Organization and Architecture

Computer Organization
Discrete Mathematics Tutorial

Discrete Mathematics
Ethical Hacking

Ethical Hacking
Computer Graphics Tutorial

Computer Graphics
Software Engineering

Software Engineering
html tutorial

Web Technology
Cyber Security tutorial

Cyber Security
Automata Tutorial

Automata
C Language tutorial

C Programming
C++ tutorial

C++
Java tutorial

Java
.Net Framework tutorial

.Net
Python tutorial

Python
List of Programs

Programs
Control Systems tutorial

Control System
Data Mining Tutorial

Data Mining
Data Warehouse Tutorial

Data Warehouse