

The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other; it is an attack on mutual authentication (or lack thereof). The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).

Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL can authenticate one or both parties using a mutually trusted certification authority.

The man-in-the-middle attack intercepts a communication between two systems. For example, in an HTTP transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into two new connections, one between the client and the attacker and the other between the attacker and the server, as shown in figure 1. Once the TCP connection is intercepted, the attacker acts as a proxy, able to read, insert and modify the data in the intercepted communication.

The MITM attack could also be done over an HTTPS connection by using the same technique; the only difference consists in the establishment of two independent SSL sessions, one over each TCP connection. The browser sets up an SSL connection with the attacker, and the attacker establishes another SSL connection with the web server. In general the browser warns the user that the digital certificate used is not valid, but the user may ignore the warning because they do not understand the threat. In some specific contexts it is possible that the warning does not appear, for example when the server certificate is compromised by the attacker or when the attacker's certificate is signed by a trusted CA and the CN is the same as that of the original web site.

MITM is not only an attack technique, but is also commonly used during the development step of a web application and for web vulnerability assessments. There are several tools to realize a MITM attack.
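The HTTPS case above turns on two checks the client performs on the presented certificate: that its chain ends at a trusted CA and that its name matches the host that was requested. As an added illustration (not code from the original text), the following Python uses the standard `ssl` module to contrast a client context that enforces both checks with the "ignore the warning" configuration, and implements the name check over certificates in the dict shape `getpeercert()` returns; the certificate dicts at the bottom are constructed samples.

```python
import ssl

def hardened_context() -> ssl.SSLContext:
    """Client context that checks what a browser checks: the chain ends at a
    trusted CA and the certificate name matches the requested host, so a TLS
    endpoint presenting a certificate for another name is rejected."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def weak_context() -> ssl.SSLContext:
    """The 'ignore the warning' configuration often pasted into scripts to
    silence certificate errors: any chain, any name, no warning at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def validates_peer(ctx: ssl.SSLContext) -> bool:
    """True only if both checks are on; either one alone leaves a gap."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

def _label_match(pattern: str, host: str) -> bool:
    """Exact match, or a leftmost '*' standing for exactly one DNS label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]   # no '*.com'-style wildcards
    return p == h

def name_matches(cert: dict, hostname: str) -> bool:
    """Name check over a cert in the dict shape of ssl.SSLSocket.getpeercert():
    dNSName SANs are authoritative; subject CN is used only when none exist."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return any(_label_match(s, hostname) for s in sans)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_label_match(c, hostname) for c in cns)

# Constructed sample certificates (not real): the genuine site's certificate,
# and one issued for a different name, which the hardened context rejects.
GENUINE = {"subject": ((("commonName", "www.example.com"),),),
           "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com"))}
OTHER_NAME = {"subject": ((("commonName", "proxy.invalid"),),),
              "subjectAltName": (("DNS", "proxy.invalid"),)}
```

Pass the hardened context to `ssl.SSLContext.wrap_socket()` or `http.client.HTTPSConnection(context=...)`; the name check is what the library already performs when `check_hostname` is on, shown here so the CN/SAN rules are visible.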
