Man In The Middle
Man In The Middle Definition:
The term “Man In The Middle” (MiTM) refers to a network layer attack vector used to capture credentials, session tokens and other sensitive information that an attacker could leverage to gain unauthorized access to systems and data.
The underlying concept of a man in the middle attack is quite simple. An attacker places themselves directly in between the communication stream of a victim machine and their default gateway (usually a router or switch). This can be accomplished physically by placing a small device such as a “Drop Box” in between the victim and the gateway. Or virtually by sending spoofed Address Resolution Protocol (ARP) broadcasts to the victim and gateway causing them to update their ARP tables to point to the attacker’s machine.
In either method all traffic flowing to and from the victim machine must first route through the attacker, hence the name “man in the middle”. This allows them to take control of or capture any sensitive information being sent and received.
Man In The Middle Tools
|Ettercap||A feature-rich suite of MiTM tools|
|Burp Suite||An interception proxy and web testing framework|
|ARP Spoof||A command-line tool for ARP poisoning|
|Scapy||A Python library used for packet manipulation|
Man In The Middle Example
Subscribe to Pentest Geek
Follow Pentest Geek
- Recovering Passwords From Hibernated Windows Machines
- How To Install Metasploit Framework Ubuntu 14.04
- How to Install Nmap From Source
- Another Lap Around Microsoft LAPS
- Credential Harvesting via MiTM – Burp Suite Tutorial
- Forensics and Incident Response
- Information Gathering
- Penetration Testing Tutorials
- Web Applications