Пропускане към основното съдържание

How to defend yourself against MITM or Man-in-the-middle attack

Protecting our data online is never going to be an easy task, especially nowadays when attackers are regularly inventing some new techniques and exploits to steal your data. Sometimes their attacks will not be so harmful for individual users. But large-scale attacks on some popular web sites or financial databases, could be highly dangerous. In most cases, the attackers first try to push some malware on to user’s machine. Sometimes this technique doesn’t work out, however.

What is Man-in-the-middle attack

A popular method is Man-in-the-middle attack. It is also known as a bucket brigade attack, or sometimes Janus attack in cryptography. As its name suggests, the attacker keeps himself / herself between two parties, making them believe that they are talking directly to each other over a private connection, when actually the entire conversation is being controlled by the attacker. A man-in-the-middle attack can be successful only when the attacker forms a mutual authentication between two parties. Most cryptographic protocols always provides some form of endpoint authentication, specifically to block MITM attacks on users. Secure Sockets Layer (SSL) protocol is always being used to authenticate one or both parties using a mutually trusted certification authority.

How it works

Lets say there are 3 characters in this story: Mike, Rob, and Alex. Mike wants to communicate with Rob. Meanwhile, Alex (attacker) inhibit the conversation to eavesdrop and carry on a false conversation with Rob, behalf on Mike. First, Mike asks Rob for his public key. If Rob provides his key to Mike, Alex intercepts, and this is how “man-in-the-middle attack” begins. Alex then sends a forged message to Mike that claims to be from Rob, but including Alex’s public key. Mike easily believes that the received key does belong to Rob, when actually that’s not true. Mike innocently encrypts his message with Alex’s key and sends the converted message back to Rob. In the most common MITM attacks, attacker mostly uses a WiFi router to intercept user’s communication. This technique can be work out by exploiting a router with some malicious programs to intercept user’s sessions on the router. Here, the attacker first configures his laptop as a WiFi hotspot, choosing a name commonly used in a public area, such as an airport or coffee shop. Once user connects to that malicious router to reach websites such as online banking sites or commerce sites, attacker then logs user’s credentials for later use.

Man-in-the-middle attack prevention & tools

Most of the effective defences against MITM can be found only on router or server-side. You won’t be having any dedicated control over the security of your transaction. Instead, you can use a strong encryption between the client and the server. In this case server authenticates client’s request by presenting a digital certificate, and then only connection could be established. Another method to prevent such MITM attacks is, to never connect to open WiFi routers directly. If you wish to so, you can use a browser plug-in such as HTTPS Everywhere or ForceTLS. These plug-ins will help you establishing a secure connection whenever the option is available.


Popular Posts


REPRODUCE OF THE VULNERABILITY =): Collaboration: silentsignal

DVWA - Brute Force (High Level) - Anti-CSRF Tokens

This is the final "how to" guide which brute focuses Damn Vulnerable Web Application (DVWA), this time on the high security level. It is an expansion from the "low" level (which is a straightforward HTTP GET form attack). The main login screen shares similar issues (brute force-able and with anti-CSRF tokens). The only other posting is the "medium" security level post (which deals with timing issues). For the final time, let's pretend we do not know any credentials for DVWA.... Let's play dumb and brute force DVWA... once and for all! TL;DR: Quick copy/paste 1: CSRF=$(curl -s -c dvwa.cookie "" | awk -F 'value=' '/user_token/ {print $2}' | cut -d "'" -f2) 2: SESSIONID=$(grep PHPSESSID dvwa.cookie | cut -d $'\t' -f7) 3: curl -s -b dvwa.cookie -d "username=admin&password=password&user_token=${CSRF}&Login=Login" "192.168.1


Donate if you are not shame!