A Man-in-the-Middle (MitM) attack is an attack in which an adversary secretly positions themselves between two communicating parties to intercept, eavesdrop on, or alter data in real time. The victims believe they are talking directly to each other, but the attacker relays and controls the conversation and can harvest credentials, session tokens, or financial data from it.
Key Aspects of MitM Attacks:
- Mechanism:
- The attacker gets onto the path between the two parties, for example by running a rogue Wi-Fi access point or by poisoning a LAN's ARP or DNS, and relays traffic between them so neither side notices. Plaintext protocols can be read and modified directly. Properly implemented TLS cannot be decrypted in transit, so the attacker instead tries to downgrade the connection to plain HTTP or to present a certificate the victim accepts, and then terminates TLS on each side separately.
- Goals:
- Primary objectives include stealing login credentials, spying on conversations, hijacking authenticated sessions, or modifying data in flight, for example changing the destination account in a payment.
- Techniques:
- Common methods include ARP spoofing (sending forged ARP replies so that victims cache the attacker's MAC address for the gateway's IP address, and usually the gateway caches it for the victim's IP as well), DNS spoofing (returning forged DNS answers so a hostname resolves to an attacker-controlled server), and HTTPS stripping or spoofing (downgrading a connection to plain HTTP before TLS is established, or presenting a look-alike domain or a certificate the victim is tricked into trusting).
- Alternative Terms:
- Also referred to as on-path attacks, adversary-in-the-middle, or machine-in-the-middle.
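The ARP spoofing technique described above leaves a visible trace on the wire: the gateway's IP suddenly maps to a new MAC address, and one MAC starts answering for several IPs. The following detector is an added example, not code from the original page; it runs over a constructed list of ARP replies (the addresses, the gateway IP and the attacker MAC are all made up for the illustration) and raises the two alerts a network monitor would raise.

```python
"""Detect ARP spoofing from a stream of ARP replies (constructed sample data)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float         # seconds since capture start
    sender_ip: str    # IP address the sender claims to own
    sender_mac: str   # hardware address it wants peers to cache for that IP


# Constructed sample: assumed gateway, normal traffic, then an attacker
# (de:ad:be:ef:00:01) claiming both the gateway and a victim host.
GATEWAY_IP = "192.168.1.1"
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.1", "00:11:22:33:44:01"),   # real gateway
    ArpReply(0.5, "192.168.1.20", "00:11:22:33:44:20"),  # victim workstation
    ArpReply(1.0, "192.168.1.30", "00:11:22:33:44:30"),  # another host
    ArpReply(2.0, "192.168.1.1", "de:ad:be:ef:00:01"),   # attacker poisons gateway entry
    ArpReply(2.1, "192.168.1.20", "de:ad:be:ef:00:01"),  # and the victim entry (bidirectional MitM)
]


def detect_arp_spoofing(replies, gateway_ip=GATEWAY_IP):
    """Return a list of alert strings derived from the reply stream.

    Two signals are used: (1) an IP whose MAC changes after it was first
    seen, rated CRITICAL when the IP is the gateway; (2) one MAC claiming
    more than one IP, which is what a two-sided ARP spoof looks like.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        prev = ip_to_mac.get(r.sender_ip)
        if prev is not None and prev != mac:
            sev = "CRITICAL" if r.sender_ip == gateway_ip else "WARNING"
            alerts.append(f"{sev} t={r.ts:.1f}: {r.sender_ip} moved from {prev} to {mac}")
        ip_to_mac[r.sender_ip] = mac
        if r.sender_ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(r.sender_ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append(f"WARNING t={r.ts:.1f}: {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_REPLIES):
        print(line)
```

A MAC change alone is not proof of an attack: a replaced NIC or a DHCP lease moving to another host produces the same signal, so in practice the gateway's MAC is pinned (a static ARP entry or a switch with dynamic ARP inspection) and only deviations from the pinned value are treated as hostile.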
Common Examples:
- Public Wi-Fi Hacking:
- An attacker sets up a fake hotspot with a common name (e.g., “CoffeeShop_Free”) to intercept traffic from connected devices.
- Session Hijacking:
- Capturing a session cookie or token after the user has logged in (for example, one sent over plain HTTP) and replaying it to impersonate that user, without ever needing the password.
Prevention Tips:
- Use a Virtual Private Network (VPN) on public Wi-Fi. This moves the trust from the hotspot to the VPN provider, so the VPN endpoint itself has to be trustworthy.
- Ensure websites use HTTPS (the padlock icon means the browser accepted the site's certificate) and never click through certificate warnings. Site operators should send an HSTS header and mark session cookies Secure so that a downgrade to HTTP is not possible.
- Implement multi-factor authentication (MFA) so that a captured password alone is not enough. A real-time MitM can still relay one-time codes and steal the resulting session cookie; phishing-resistant MFA (FIDO2/WebAuthn), which binds the credential to the site's origin, resists this.
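The HTTPS and session-hijacking points above come down to two response headers. The following audit is an added example, not code from the original page: it checks a constructed HTTP response for the Strict-Transport-Security header that stops an HTTPS-stripping downgrade and for the cookie attributes that keep a session cookie off the wire in clear text, and shows the weak response beside the hardened one. The header values and the one-year threshold are assumptions chosen for the illustration.

```python
"""Audit HTTP response headers for HTTPS-stripping and cookie-theft exposure."""
import re

# Constructed: how a misconfigured site might answer a request.
WEAK_HEADERS = [
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "Set-Cookie: session=abc123; Path=/",
]

# Constructed: the same response as a hardened site would send it.
HARDENED_HEADERS = [
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload",
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
]

ONE_YEAR = 31536000  # assumed minimum HSTS max-age, in seconds


def parse_headers(lines):
    """Return (name_lower, value) pairs, skipping the status line."""
    out = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        out.append((name.strip().lower(), value.strip()))
    return out


def hsts_max_age(headers):
    """Return the max-age from Strict-Transport-Security, or None if absent/invalid."""
    for name, value in headers:
        if name == "strict-transport-security":
            m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.IGNORECASE)
            return int(m.group(1)) if m else None
    return None


def audit(lines):
    """Return a list of findings; an empty list means the checks all passed."""
    headers = parse_headers(lines)
    findings = []
    max_age = hsts_max_age(headers)
    if max_age is None:
        findings.append("no HSTS: an on-path attacker can keep the browser on http:// after a stripped redirect")
    elif max_age < ONE_YEAR:
        findings.append(f"HSTS max-age {max_age} is short; the policy expires and stripping becomes possible again")
    for name, value in headers:
        if name == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            attrs = {a.strip().split("=")[0].lower() for a in value.split(";")[1:]}
            if "secure" not in attrs:
                findings.append(f"cookie {cookie_name} lacks Secure: it is sent in clear on any http:// request")
            if "httponly" not in attrs:
                findings.append(f"cookie {cookie_name} lacks HttpOnly: readable by script, easier to exfiltrate")
    return findings


def strip_https_links(html):
    """The downgrade an HTTPS-stripping proxy performs on a page it relays:
    every https:// link becomes http://, so the victim never starts TLS."""
    return html.replace("https://", "http://")


if __name__ == "__main__":
    print("weak:", audit(WEAK_HEADERS))
    print("hardened:", audit(HARDENED_HEADERS))
    print(strip_https_links('<a href="https://bank.example/login">Log in</a>'))
```

The HSTS check only helps after a first visit over HTTPS (or once the domain is on the browser preload list), which is why the hardened response also carries the preload directive; the Secure attribute is what keeps the session cookie from leaking on the very request an attacker has downgraded.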