A man-in-the-middle (MITM) attack intercepts communication between two systems. For example, in an HTTP transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into two new connections, one between the client and the attacker and the other between the attacker and the server. Once the TCP connection is intercepted, the attacker acts as a proxy and can read, insert and modify the data in the intercepted communication.
The MITM attack is very effective because of the nature of the HTTP protocol and its data transfer, which are all ASCII based. This makes it possible to view and intervene in the HTTP protocol itself and in the data transferred. For example, it's possible to capture a session cookie by reading the HTTP header, and it's also possible to change the amount of a money transaction inside the application context.
To become the man in the middle, the attacker does the following:
- Tells the target client "I am the router".
- Tells the access point "I am the client".
- Enables IP forwarding so that packets flow through the attacker's device without being dropped.
As a result, every packet or request generated by the client or target system flows through the attacker's device, and the attacker can hold a request for a while and see what is in it. This is how the man-in-the-middle attack works.
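The first two steps leave a trace on the client: the router's IP address suddenly maps to a different MAC address, and that MAC usually answers for a second IP as well. The following check is an added example, not part of the original article; the sample data is constructed, in the format printed by `ip neigh show` on Linux, and the function names are hypothetical.

```python
# Added example: detect signs of ARP spoofing by comparing two neighbor-table snapshots.
from collections import defaultdict

# Constructed samples in the format printed by `ip neigh show` on Linux.
SAMPLE_BEFORE = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.1.23 dev wlan0 lladdr aa:bb:cc:00:00:17 STALE
192.168.1.42 dev wlan0 lladdr aa:bb:cc:00:00:2a REACHABLE
"""
SAMPLE_AFTER = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:17 REACHABLE
192.168.1.23 dev wlan0 lladdr aa:bb:cc:00:00:17 REACHABLE
192.168.1.42 dev wlan0 lladdr aa:bb:cc:00:00:2a STALE
192.168.1.50 dev wlan0  FAILED
"""

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" in fields:
            idx = fields.index("lladdr")
            if idx + 1 < len(fields):
                table[fields[0]] = fields[idx + 1].lower()
    return table

def find_arp_anomalies(baseline, current, gateway_ip):
    """Compare two {ip: mac} snapshots and return findings as strings."""
    findings = []
    known = baseline.get(gateway_ip)
    seen = current.get(gateway_ip)
    # Finding 1: the gateway's MAC differs from the trusted baseline.
    if known and seen and known != seen:
        findings.append(f"gateway {gateway_ip} moved from {known} to {seen}")
    # Finding 2: one MAC claims several IP addresses at the same time.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(f"{mac} answers for {', '.join(sorted(ips))}")
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(parse_neigh(SAMPLE_BEFORE),
                                      parse_neigh(SAMPLE_AFTER), "192.168.1.1"):
        print("ALERT:", finding)
```

A MAC shared by several IPs can also be legitimate (a multi-homed host or proxy ARP), so the gateway change against a trusted baseline is the stronger signal.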
This is a very dangerous attack: the attacker can see what you are browsing on the Internet and even your passwords. The attack is simple, but as the man in the middle the attacker can compromise your whole system.
There are many ways to do this, but there is a tool named MITMf which is pretty good and puts you in the position of man in the middle with a single command.
MITMf (Man-In-The-Middle Framework) is a fully automated tool, so you don't need to do SSL stripping separately. It includes many different tools to help you with MITM attacks.
It has many functions, such as injecting scripts, screenshots, a keylogger, DNS spoofing and many more.
Usage of MITMf
mitmf --arp --spoof --gateway [gateway ip] --targets [target ip] -i [interface]
To add plugins
mitmf --arp --spoof --gateway [gateway ip] --targets [target ip] -i [interface] --jskeylogger
For more plugins
There are many more things that you can do with this.
Note: we can't use these attacks on some popular websites like Facebook, Twitter, etc., because they use something called HSTS, and the browser will not allow the downgrade. HSTS is hard-coded data stored in the browser that instructs it not to allow the HTTPS-to-HTTP conversion for certain websites. The attack does work on old browsers. But sslstrip v2.0 can convert HTTPS to HTTP even when the site is using HSTS.
This article is only for educational purposes; I am not responsible for any illegal activities. Do not break into devices that you don't have permission to access.