What is MITM ?
Lets have an example first. An attacker puts up a fake bank website and entices user to that website. User types in his password, and the attacker in turn uses it to access the bank’s real website. Done right, the user will never realize that he isn’t at the bank’s website. Then the attacker either disconnects the user and makes any fraudulent transactions he wants, or passes along the user’s banking transactions while making his own transactions at the same time.
Here’s what Wikipedia says “In cryptography, the man-in-the-middle attack (often abbreviated MITM), or bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle).”
A Man-in-the-middle attack can only be successful when the attacker can impersonate each endpoint to the satisfaction of the other. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL authenticates the server using a mutually trusted certification authority.
Various defenses against MITM attacks use authentication techniques that are based on: Public key infrastructures
Stronger mutual authentication
Secret keys (high information entropy secrets)
Passwords (low information entropy secrets)
Other criteria, such as voice recognition or other biometrics
Off-the-Record Messaging for instant messaging
The integrity of public keys must generally be assured in some manner, but need not be secret. Passwords and shared secret keys have the additional secrecy requirement. Public keys can be verified by a Certificate Authority, whose public key is distributed through a secure channel (for example, with a web browser or OS installation). Public keys can also be verified by aweb of trust that distributes public keys through a secure channel (for example by face-to-face meetings).
Tools For Hacking
dsniff – A tool for SSH and SSL MITM attacks monkey6.
Cain – A Windows GUI tool which can perform MITM attacks, along with sniffing and ARP poisoning
Ettercap – A tool for LAN based MITM attacks
Karma – A tool that uses 802.11 Evil Twin attacks to perform MITM attacks AirJack – A tool that demonstrates 802.11 based MITM attacks
wsniff – A tool for 802.11 HTTP/HTTPS based MITM attacks an additional card reader and a method to intercept key-presses on an Automated teller machine
The MITM attack could also be done over an https connection by using the same technique; the only difference consists in the establishment of two independent SSL sessions, one over each TCP connection. The browser sets a SSL connection with the attacker, and the attacker establishes another SSL connection with the web server. In general the browser warns the user that the digital certificate used is not valid, but the user may ignore the warning because he doesn’t understand the threat. In some specific contexts it’s possible that the warning doesn’t appear, as for example, when the Server certificate is compromised by the attacker or when the attacker certificate is signed by a trusted CA and the CN is the same of the original web site.