Questions tagged [man-in-the-middle]

A man-in-the-middle attack (MiTM) is an active attack against a communication protocol where the attacker relays and modifies messages in transit. The parties believe they are talking to each other directly, but in fact both are talking to each other via the attacker in the middle.

Protection against man-in-the-middle attacks depends on two things: establishing a secure channel, and making sure that the secure channel is established with the intended party: at least one of the parties must authenticate the other one. There are two major ways to set up a secure channel with the right party using cryptography:

  • sharing secret keys or public keys in a secure environment before communication takes place (e.g. provisioning keys on a device during manufacturing, or exchanging PGP keys when meeting in person);
  • relying on a trusted third party, with a public-key infrastructure.

SSL/TLS is the de facto standard way to establish a secure channel over the Internet, in HTTPS and other protocols. Authentication is achieved by either storing the server's certificate on the client or by having the server's certificate delivered by a .

1360 questions
46 votes, 5 answers

How does someone become a man in the middle?

As I understand it, in order to commit a successful MiTM attack you need to be "sitting" somewhere along the traffic path. I assume this means being hooked up to one of the nodes in between the end points, physically splicing the wire connecting…
user5948022
11 votes, 1 answer

Can user send fake request if it has JWT token?

I developed an Android application that sends requests to a REST service to do actions! My questions are: If anyone traces the requests and responses, can he get the token from the headers? Where should I store the token in the Android client? If I store token in…
0xSamman
8 votes, 2 answers

Why is Huawei's potential spying activity a big issue given that communication protocols are supposed to be secure from MITM attacks?

As far as I understand, Huawei is currently accused of supplying hardware to Western countries that could be used for spying by the Chinese government. But why would this be a big deal? Properly designed communication channels are supposed to be…
JonathanReez
7 votes, 2 answers

Man in the middle attack theory

Me and my colleague are trying to come up with a way around preventing a theoretical man in the middle attack. The scenario is: Communication is only through one channel and either side isn't aware of what is going to be said. Alice and Bob want…
Softey
5 votes, 1 answer

Who can carry out Man-in-the-Middle (MITM) attacks?

We seem to spend a lot of time guarding against Man-In-The-Middle (MITM) attacks without discussing who we are actually guarding against. This is important because if these individuals are unlikely to attack our website or the cost of them doing so…
Gili
5 votes, 2 answers

Who other than my ISP can perform man-in-the-middle attacks?

I've heard that not using HTTPS is dangerous because of man-in-the-middle attacks. Now, if I connect to a server from my home computer, I assume traffic passes through my ISP, so they could eavesdrop if they are malicious. But how can a random IP…
sashoalm
5 votes, 2 answers

How can I protect the confidentiality, integrity and authenticity of my communication if I am victim of a Man-in-the-Middle attack?

Consider a scenario where my ISP attempts to use a Man-in-the-Middle attack against me to read and possibly modify my Internet traffic. What can I do to access the Internet and still ensure the integrity and confidentiality of my…
user163495
4 votes, 2 answers

What are you doing if you notice a MITM attack against a Linux server?

I got this question at a job interview, but I did not know the answer. I think they expected some shell command or packages, which can help react to the attack. Assume that you are a system admin and you work for Nokia Networks. This server…
ampika
4 votes, 3 answers

How real is the threat of MITM when you have your own network

I never understood why I have to worry about MITM when I am at home connected to my simple WiFiless modem using an Ethernet cable. I can tell how serious the threat is when you are in an Internet cafe or you have a WiFi network but WiFi is…
Ulkoma
4 votes, 2 answers

How does a Short Authentication String (SAS) mitigate MITM attacks?

Reading about Silent Circle, and more specifically Silent Text, I learnt that by implementing SAS, the likelihood of a MITM attack is greatly reduced. Could someone please explain how this works? If there really is someone intercepting your…
4 votes, 1 answer

How secure is the phone dial?

A renowned online bank uses a phone dial login system (input your login and password via the phone dial pad). How secure is this communication against MitM and similar attacks? Considering I recently read how many major telecommunication networks had…
Sir Muffington
4 votes, 2 answers

MX record Man In The Middle Attack?

In theory it should be possible to change an MX record of site A (aspmx.exampleA.com) to site B (aspmx.exampleB.com) and send the mail back to site A (aspmx.exampleA.com). So you can intercept all the mails, without having to worry about SSL/HTTPS and…
user101579
4 votes, 2 answers

How could an attacker MITM an average Joe?

Before HSTS, any attacker could simply use SSLStrip and other such methods to "Rogue AP" and read data over the network from people in say coffee shops and the like? How vulnerable is an average Joe in 2016 to a MitM attack? Let's assume…
3 votes, 3 answers

Detecting a MITM attack

If my session is under a Man-In-The-Middle attack, can I detect it by checking the IP addresses my machine is connected to? For example, I want to know if my connection to a certain website is MITMed or not, I can visit the site and then use netstat…
qsc
3 votes, 1 answer

What is the difference between ARP and ICMP MITM attack?

I want to know the difference between ARP and ICMP MITM attacks and why someone would use ICMP over ARP. I am looking for an educated response comprised of the principles behind both attacks, their typical use and maybe adv/disadv of each. I am not…
J011195