Thursday, June 18, 2020

Man-in-The-Middle Attack

Man-in-the-middle attack is a type of cyber attack where a malicious actor inserts herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other.

Key Concepts of a Man-in-the-Middle Attack(MITMA):
  • Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems.
  • A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data.
  • Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant to be for them without either outside party knowing until it is too late.
A public key infrastructure, such as Transport Layer Security, may harden Transmission Control Protocol against MITM attacks. 

Clients and servers exchange certificates which are issued and verified by a trusted third party called a certificate authority (CA).

If the original key to authenticate this CA has not been itself the subject of a MITM attack, then the certificates issued by the CA may be used to authenticate the messages sent by the owner of that certificate.

Use of mutual authentication, in which both the server and the client validate the other's communication, covers both ends of a MITM attack, though the default behavior of most connections is to only authenticate the server.

Offensive Security Tools:
  • SQLMap
  • Air Crack-Ng
  • ncrack
  • SSl Strip
  • EtterCap
  • MetaSploit framework

No comments:

Post a Comment

ES12 new Features