What is a MITM (Man-in-the-Middle) Attack & How It Works
What is a Man-in-the-Middle Attack
A man-in-the-middle (MITM) attack is a general term for when a perpetrator puts himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it seem as if a normal exchange of data is under way.
The purpose of the attack is to steal personal information, such as login credentials, account details and credit card numbers. Targets are typically users of financial applications, SaaS businesses, e-commerce sites and other websites where sign-in is required.
Information obtained during an attack can be used for many purposes, including identity theft, unauthorized fund transfers or illicit password changes.
In addition, it can be used to gain a foothold inside a protected perimeter during the infiltration phase of an advanced persistent threat (APT).
In general, a MITM attack is the equivalent of a postman who opens your bank statement, writes down your account details, then reseals the envelope and delivers it to your door.
How Man-in-the-Middle Attacks Work
Most MitM attacks follow the same basic sequence of operations, regardless of the specific tactics used.
In this example, there are three parties: Alice, Bob and Chuck (the attacker).
· Chuck intercepts and reads Alice’s message without Alice or Bob knowing
· Chuck secretly listens to the channel where Alice and Bob talk
· Alice sends a message to Bob
· Chuck alters messages between Alice and Bob, creating unwanted / harmful responses
Attackers often use MitM to harvest credentials and gather intelligence about their targets.
Multi-factor authentication (MFA) can be an effective protection against stolen credentials. Unfortunately, MFA can be bypassed in some cases.
Here is a practical example of a real MitM attack on Microsoft Office 365 in which the attacker bypassed MFA:
A user clicks on a phishing link that leads them to a fake Microsoft page, where they enter their username and password.
1. The fake web page transmits the username and password to the attacker’s server
2. The attacker uses Evilginx to steal a session cookie
3. The attacker sends the login request to Microsoft, so that the sign-in does not raise suspicion
4. Microsoft sends a two-step verification code to the user via SMS
5. The user enters the code on the fake web page
6. The fake page transfers the 2FA code to the attacker’s server
7. The attacker passes the user’s 2FA code to Microsoft, and now the attacker can sign in to Office 365 as the compromised user using the session cookie and can access sensitive information within the business.
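A defender can look for the cookie reuse in step 7 by checking whether one session is later presented by a different client than the one it was first seen from. The following is an added example, not part of the original article; the event layout and all sample values are constructed assumptions.

```python
# Constructed session events (not real logs). Assumed field layout:
# (timestamp, session_id, user, source_ip, user_agent)
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:02Z", "sess-A1", "alice@example.com", "198.51.100.7", "Chrome/120 Windows"),
    ("2024-01-10T09:04:40Z", "sess-A1", "alice@example.com", "198.51.100.7", "Chrome/120 Windows"),
    ("2024-01-10T09:05:13Z", "sess-B7", "bob@example.com", "198.51.100.9", "Firefox/121 Linux"),
    ("2024-01-10T09:06:31Z", "sess-B7", "bob@example.com", "203.0.113.50", "python-requests/2.31"),
    ("2024-01-10T09:30:00Z", "sess-C3", "carol@example.com", "198.51.100.12", "Safari/17 macOS"),
    ("2024-01-10T11:45:00Z", "sess-C3", "carol@example.com", "198.51.100.88", "Safari/17 macOS"),
]


def find_session_replay(events):
    """Flag sessions that are later used by a client differing from first use."""
    origin = {}    # session_id -> (ip, user_agent) at first sighting
    findings = []
    # ISO-8601 timestamps in one format sort correctly as strings.
    for ts, sid, user, ip, ua in sorted(events):
        if sid not in origin:
            origin[sid] = (ip, ua)
            continue
        first_ip, first_ua = origin[sid]
        changed = []
        if ip != first_ip:
            changed.append("ip")
        if ua != first_ua:
            changed.append("user_agent")
        if not changed:
            continue
        # An IP change alone is common (roaming, VPN); IP and browser
        # changing together on a live session is much harder to explain.
        severity = "high" if len(changed) == 2 else "low"
        findings.append({"time": ts, "session": sid, "user": user,
                         "changed": changed, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_session_replay(SAMPLE_EVENTS):
        print(finding)
```

If the attacker replays the cookie from the same host that relayed the sign-in, the fingerprint does not change, so this check only catches reuse from a second client.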
Man-in-the-Middle Attack Progression and Types
The first step is to intercept the user’s traffic through the attacker’s network before it reaches its destination.
Attackers who wish to take an active approach may start one of the following attacks:
· IP spoofing involves the attacker disguising himself as an application by altering the packet headers of an IP address. As a result, users who try to access a URL linked to the app are redirected to the attacker’s website.
· HTTPS spoofing sends a fake certificate to the victim’s browser as soon as the first request to connect to a secure site is made. The certificate contains a digital thumbprint associated with the compromised application, which the browser verifies against an existing list of trusted sites. The attacker is then able to access any data entered by the victim before it is passed on to the app.
· ARP spoofing is the process of linking the attacker's MAC address to the IP address of a legitimate user on a local area network using fake ARP messages. As a result, data sent by the user to the host IP address is instead transmitted to the attacker.
· DNS spoofing, also known as DNS cache poisoning, involves infiltrating a DNS server and modifying a website's address record. As a result, users trying to access the site are sent by the modified DNS record to the attacker’s site.
· SSL hijacking occurs when the attacker passes forged authentication keys to both the user and the application during the TCP handshake. This sets up what appears to be a secure connection when, in fact, the man in the middle controls the entire session.
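The ARP spoofing described in the list above leaves a visible trace: an IP address whose MAC binding suddenly changes, and one MAC that answers for several IPs. The following is an added example, not code from the original article, that audits a stream of ARP replies for both signs; the addresses and timestamps are constructed.

```python
from collections import defaultdict

# Constructed ARP replies as a sensor might record them: (time, ip, mac)
SAMPLE_REPLIES = [
    ("10:00:01", "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway
    ("10:00:02", "192.168.1.20", "aa:aa:aa:aa:aa:20"),  # legitimate user
    ("10:00:05", "192.168.1.66", "de:ad:be:ef:00:66"),  # another host
    ("10:03:17", "192.168.1.20", "DE:AD:BE:EF:00:66"),  # forged reply
]


def audit_arp_replies(replies):
    """Return alerts for changed IP-to-MAC bindings and MACs claiming many IPs."""
    binding = {}                # ip -> MAC last seen answering for it
    claimed = defaultdict(set)  # mac -> every IP it has answered for
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()       # MACs are case-insensitive
        previous = binding.get(ip)
        if previous is not None and previous != mac:
            # Can also be a DHCP reassignment or a replaced NIC, so treat
            # this as something to investigate rather than as proof.
            alerts.append({"time": ts, "type": "binding_changed", "ip": ip,
                           "old_mac": previous, "new_mac": mac})
        binding[ip] = mac
        if ip not in claimed[mac]:
            claimed[mac].add(ip)
            if len(claimed[mac]) > 1:
                alerts.append({"time": ts, "type": "mac_claims_multiple_ips",
                               "mac": mac, "ips": sorted(claimed[mac])})
    return alerts


if __name__ == "__main__":
    for alert in audit_arp_replies(SAMPLE_REPLIES):
        print(alert)
```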
How to Detect a Man-in-the-Middle Attack
It is common sense that prevention is better than cure.
Here are some signs that there may be additional listeners on your network.
· Accessing public and / or insecure Wi-Fi: Be very careful about which networks you connect to, and avoid public Wi-Fi if possible. Attackers create fake networks with familiar IDs such as “local free wireless” or another common name to trick people into connecting. When you connect to the attacker’s Wi-Fi, they can easily see everything you send over the network.
· Unexpected and / or repeated disconnections
· Unusual addresses in your browser’s address bar: If anything in the address looks odd, even if it’s small, double check it. It could be a DNS hijack. For example, you see https://www.go0gle.com instead of https://www.google.com