Man In The Middle

Man In The Middle

Man In The Middle Definition:

The term “Man In The Middle” (MiTM) refers to a network layer attack vector used to capture credentials, session tokens and other sensitive information that an attacker could leverage to gain unauthorized access to systems and data.

The underlying concept of a man in the middle attack is quite simple.  An attacker places themselves directly in between the communication stream of a victim machine and their default gateway (usually a router or switch).  This can be accomplished physically by placing a small device such as a “Drop Box” in between the victim and the gateway.  Or virtually by sending spoofed Address Resolution Protocol (ARP) broadcasts to the victim and gateway causing them to update their ARP tables to point to the attacker’s machine.

In either method all traffic flowing to and from the victim machine must first route through the attacker, hence the name “man in the middle”. This allows them to take control of or capture any sensitive information being sent and received.

Man In The Middle Tools
EttercapA feature-rich suite of MiTM tools
Burp SuiteAn interception proxy and web testing framework
ARP SpoofA command-line tool for ARP poisoning
ScapyA Python library used for packet manipulation
Man In The Middle Example

Subscribe to Pentest Geek

Follow Pentest Geek


Recent Posts

Free Course

Penetration Testing



Web Application Hacking