Skip to main content

MAN-IN-THE-MIDDLE ATTACK (MITM ATTACK)

What is Man-in-the-middle (MITM) attack?
A man in the middle attack is one in which the attacker intercepts messages in a public key exchange and then retransmits them, substituting his own public key for the requested one, so that the two original parties still appear to be communicating with each other.
The attack gets its name from the ball game where two people try to throw a ball directly to each other while one person in between them attempts to catch it. In a man in the middle attack, the intruder uses a program that appears to be the server to the client and appears to be the client to the server. The attack may be used simply to gain access to the message, or enable the attacker to modify the message before retransmitting it.
Man in the middle attacks is sometimes known as fire brigade attacks. The term derives from the bucket brigade method of putting out a fire by handing buckets of water from one person to another between a water source and the fire.
What is BackTrack Linux?
Backtrack is a Linux distribution distributed as Live cd or Usb for penetration testing. BackTrack provides penetration testers a comprehensive collection of security related tools, support live cd and live usb and permanent installation also. BackTrack provides Mozilla, Pidgin, K3B, XMMS .You can create personalized distributions by including customizable scripts, additional tools and configurable kernels.

BackTrack includes many well known security tools Like NMAP, KISMET and many more.
Backtrack 5 has been released and based on ubuntu 11.04. Backtrack 5 contains most of the security audit tools for penetration testing purpose. Backtrack 5 with all the tools are free of cost.
Preparation for MITM Attack
We need to identify the victim’s IP for the attack. We need two IP addresses in which we will be the Man in the middle. We can use nmap scan which have already cover in the previous tutorials. Use the nmap to scan the whole network and identify the victim clearly. Another method we have is to consider the whole network as victim. If we will select two particular victim’s IPs then we will be able to see packets only between those two IP address but if we will choose whole network to be the victim the every packet floating in the network will be relayed from the attacker’s machine.
See the ettercap tutorial for configuring ettercap for this attack.
Ettercap demo
A separate PDF has been attached to demonstrating the MITM attack using ettercap. Please go through the PDF for learning the MITM Attack.
Countermeasures against "man in the middle" attacks
What protections are there against man in the middle attacks on your network? Consider these steps:
o Survey the APs operating with your unique SSID. Take down any that are not authorized to be on the air.
o Use strong encryption on your network. WPA is much better than WEP
o Use SSL. It will make man in the middle attacks more difficult, and will prevent most attacks.
o Double-check SSL certificates before using https pages. IE and Firefox can do this for you.
o Encrypt any documents you don't want to be intercepted or altered.
o Using a VPN service is quite effective against man in the middle attacks


o Forget about WEP. WEP is dead. Use WPA encryption

Comments

Post a Comment

Popular posts from this blog

NMAP and ZenMAP

NMAP and ZenMAP are useful tools for the scanning phase of Ethical Hacking in Kali Linux. NMAP and ZenMAP are practically the same tool, however NMAP uses command line while ZenMAP has a GUI. NMAP is a free utility tool for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. NMAP uses raw IP packets in novel ways to determine which hosts are available on the network, what services (application name and version) those hosts are offering, which operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, etc. Now, let’s go step by step and learn how to use NMAP and ZenMAP. Step 1 − To open, go to Applications → 01-Information Gathering → nmap or zenmap. Step 2 − The next step is to detect the OS type/version of the target host. Based on the help indicat...
Post a Comment
Read more

Kali Linux - Installation and Configuration

Kali Linux is one of the best security packages of an ethical hacker, containing a set of tools divided by the categories. It is an open source and its official webpage is https://www.kali.org. Generally, Kali Linux can be installed in a machine as an Operating System, as a virtual machine . Installing Kali Linux is a practical option as it provides more options to work and combine the tools. You can also create a live boot CD or USB. All this can be found in the following link: https://www.kali.org/downloads/ BackTrack was the old version of Kali Linux distribution. The latest release is Kali 2018.1 and it is updated very often. To install Kali Linux − First, we will download the Virtual box  or Vmware workstation and install it. Later, we will download and install Kali Linux distribution. Instead of downloading  the images file you all can download that ova file extension . The benefits of it is that you do not have to install it. What you have to do is to just ...
Post a Comment
Read more

networks nd networking 1

Types Of Network •LAN - Local Area Network is in a small geographical area, such as a college or office building. •WAN - Wide Area Network Combination of multiple LANs. •WLAN - Wireless Local Area Network Links two or more devices using some wireless distribution method and usually providing a connection through an access point to the wider internet. Local Area Network (LAN) •A LAN connects network devices within a limited geographical area such as office buildings or schools. •The data transfer is managed by a transport protocol such as TCP/IP. •The transmission of data is performed by the access method (Ethernet, Token Ring, etc.). Wide Area Network (WAN) •A WAN covers a wide geographic area, carrying data over long distances, such as a country •WANs can be formed by different LANs •The connection between different LANs may not be permanent •WANs are sophisticated networks, but transmission speeds have generally been slower than those commonly achieved on LANs WLAN (Wireles...
Post a Comment
Read more