
What is a Man-in-the-Middle Attack?

A man-in-the-middle attack (usually abbreviated as MitM, MiM attack, MitMA or MITMA) happens when an attacker relays and alters the communication taking place between two parties. The two parties believe they are communicating directly with each other, but it is the attacker, the 'eavesdropper', who is controlling the entire conversation (which is why it is also referred to as the 'eavesdropping attack'). The attacker is able to intercept all messages and can even inject new ones, which makes it possible to collect data and misuse it. The attacker can even exploit real-time processing of transactions.

What is Session Hijacking?

Session hijacking, also called cookie hijacking, refers to the exploitation of a valid computer session and using it to gain authorized access to services, information, etc. in a computer system. In particular, it refers to the theft of a magic cookie that is used to authenticate a user to a remote server. Cookies that are used to maintain a session on many websites can be stolen and used by any hacker for the eavesdropping attack, which we call the man-in-the-middle attack (MiM attack). 'Source routing' and 'blind hijacking' are the usual methods used in session hijacking.

How Does a Man-in-the-Middle Attack (MitM, MiM attack or MitMA) Happen?

A man-in-the-middle attack is carried out by exploiting TCP/IP (Transmission Control Protocol/Internet Protocol) vulnerabilities at various levels. It is in fact a derivative of packet sniffing and spoofing techniques.

A hacker who wants to steal a session would need to use a packet sniffer first. He would have to choose which layer to attack: the ARP protocol, IP, SSL, etc. Then he would make use of advanced tools to inject packets to steal the session. The session hijacking is transparent to the victims; they never see it happening.

The hacker would mostly choose sessions from one or more layers for hijacking. For example, he can use ARP spoofing and also cryptographic session stealing to aim at achieving complete control over an e-commerce transaction.
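From the defender's side, the ARP spoofing mentioned above shows up in a host's neighbour table. The following is an added example, not part of the original page: it compares two snapshots of Linux `ip neigh` output and reports addresses whose MAC changed and MACs that answer for more than one IP. The function names and the sample tables are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches Linux `ip neigh` rows such as
# "192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE"
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\b"
)

def parse_neigh(text):
    """Return {ip: mac} from `ip neigh` output; rows without lladdr are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_arp_anomalies(before, after):
    """Compare two {ip: mac} snapshots and return (kind, detail) findings."""
    findings = []
    # 1. An IP that is still present but now resolves to a different MAC.
    for ip, mac in sorted(after.items()):
        old = before.get(ip)
        if old and old != mac:
            findings.append(("mac_changed", f"{ip}: {old} -> {mac}"))
    # 2. One MAC answering for several IPs in the newer snapshot.
    owners = defaultdict(list)
    for ip, mac in after.items():
        owners[mac].append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            findings.append(("mac_shared", f"{mac}: {', '.join(sorted(ips))}"))
    return findings

# Constructed sample snapshots: the gateway 192.168.1.1 starts resolving to
# the MAC of 192.168.1.23 in the second one.
BEFORE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev eth0 lladdr 66:77:88:99:aa:bb STALE
192.168.1.40 dev eth0  FAILED
"""
AFTER = """\
192.168.1.1 dev eth0 lladdr 66:77:88:99:AA:BB REACHABLE
192.168.1.23 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.40 dev eth0  FAILED
"""

if __name__ == "__main__":
    for kind, detail in find_arp_anomalies(parse_neigh(BEFORE), parse_neigh(AFTER)):
        print(kind, detail)
```

A finding is a lead, not proof: replaced network cards, DHCP reassignment and devices that legitimately hold several addresses produce the same patterns, so the gateway entry is the one to check first.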

Man in the Middle Attack

Similarly, a hacker who can create a MiM process can use the MiM process' key in place of the key that the web server sends to the browser, to start an encrypted communication using SSL. Thus the hacker can read or edit messages coming from the browser and also do the same with the server's messages.

Methods of MitMA Attack

A man-in-the-middle attack can be executed in many ways. For example, hackers can use MitMA attacks to distribute malware and thus have access to your web browser or that of the end user. Malware could also modify the hosts file, adding entries so that users are redirected to them.

A man-in-the-middle attack could also be made possible by exploiting vulnerabilities in your wireless router configuration. If you want to prevent this, you should consider using an SSL sniffing product. These SSL sniffing products won’t allow malicious attacks to happen because information is encrypted when you use them.
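The hosts-file redirection described above can be audited by listing every entry that overrides DNS. The following is an added example, not part of the original page: the set of expected local names is an assumption to extend with the machine's own hostname, and the sample file is constructed using documentation-reserved names and addresses.

```python
import ipaddress

# Names a stock hosts file is expected to define (assumption; add the
# machine's own hostname before using this on a real system).
EXPECTED_LOCAL = {"localhost", "localhost.localdomain", "broadcasthost",
                  "ip6-localhost", "ip6-loopback", "ip6-allnodes",
                  "ip6-allrouters"}

def audit_hosts(text, expected=EXPECTED_LOCAL):
    """Return [(lineno, hostname, address, verdict)] for entries that override DNS."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "", fields[0], "malformed"))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in expected:
                continue
            # Loopback or 0.0.0.0 blocks a name; any other target redirects it.
            if addr.is_loopback or addr.is_unspecified:
                verdict = "sinkhole"
            else:
                verdict = "redirect"
            findings.append((lineno, name, str(addr), verdict))
    return findings

# Constructed sample hosts file.
SAMPLE = """\
127.0.0.1   localhost
::1         ip6-localhost ip6-loopback
0.0.0.0     ads.example.net        # blocklist entry
203.0.113.7 www.example-bank.test login.example-bank.test
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

Entries marked `redirect` are the ones to review, since they send a name to an address that DNS did not supply.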

If you’d like to learn more about SSL sniffing and how our product helps, contact us today.

MiM Attack Tools

Different tools are used to carry out man-in-the-middle attacks. These include:

PacketCreator - a tool that helps network administrators test their network, by using ARP cache poisoning, and also to generate ICMP packets to send over the LAN. This can be used to make possible MiM attacks (man-in-the-middle attacks).

Dsniff - a suite of programs which is used in auditing or penetration testing and which can be used to carry out man-in-the-middle attacks too.

Ettercap - a suite that features sniffing of live connections, content filtering on the fly, etc. and which supports active and passive dissection of many protocols. It can facilitate MITM attacks (man-in-the-middle attacks) on a LAN.

Cain & Abel - a password recovery tool for Microsoft OSs, which allows password recovery by network sniffing, cracking encrypted passwords, decoding scrambled passwords, recording VoIP conversations, carrying out brute force cracking and cryptanalysis attacks, uncovering cached passwords, etc.

These and other such tools make MITM attacks easy for hackers.

Defending Against MitM Attack

There are basically three effective ways of fighting the man-in-the-middle attack (MITM attack), which is also referred to as the eavesdropping attack. These are:

VPN

A Virtual Private Network (VPN) is nothing but an extension of a private network across the internet, enabling a computer from this private network to send and receive data across shared or public networks. Thus it benefits directly from the functionality, the security and the management policies of the private network. Setting up a VPN is easy: you just need to have a remote VPN server set up and configured first and then follow some basic instructions, which you can always find online.

Proxy Server with Data Encryption

Using a reliable proxy server with data encryption, and thereby encrypting the transmission between the user and the proxy, helps. Privacy software like Hide My IP provides such options: proxy servers and the option of encryption.

Secure Shell Tunneling

Secure Shell (SSH), which consists of an encrypted tunnel created through an SSH protocol connection, is a network protocol for remote administration of UNIX/Linux hosts. SSH can be used to log into a remote machine and execute commands. It is also useful against MITM attacks as it supports tunneling and forwarding of TCP ports and X11 connections.
