What is a Man in the Middle Attack?
When an unwanted proxy in the network intercepts and modifies requests and responses, that proxy is called a Man in the Middle. A Man in the Middle attack poses a serious risk to online communication, resulting in the theft of private data, financial loss, and harm to reputation. For example, suppose you are connected to a Wi-Fi network and making a transaction with your bank. An attacker is also connected to the same Wi-Fi. The attacker does the following:
- The attacker sends rogue ARP packets on the network that map the IP address of the access point to the MAC address of the attacker’s device.
- Each device connected in the network caches the entry contained in the rogue packets.
- Your device uses ARP to send the packets destined for your bank’s web server to the access point (which is the default gateway for the network).
- The packets get sent to the attacker’s machine.
- The attacker can now read and modify the requests contained in the packets before forwarding them.
This way the attacker is situated between you and your bank’s server. Every bit of sensitive data that you send to the server, including your login password, is visible to the attacker. ARP cache poisoning is one of the ways to perform an MITM attack; other ways are:
- DNS spoofing.
- IP spoofing.
- Setting up a rogue Wi-Fi AP.
- SSL spoofing, etc.
The use of SSL can prevent these attacks from being successful. Since the data is encrypted and only the legitimate endpoints have the key to decrypt it, the attacker can do very little with the data even if he gets access to it.
(SSL is only useful if it’s set up properly. There are ways to circumvent this protection mechanism too, but they are very hard to carry out.) Still, an attacker can do a lot of damage if the web application the user has been interacting with does not use something called a nonce. The attacker can capture the encrypted requests for the entire session and then carefully resend the requests used for logging in. This way the attacker gets access to your account without knowing your password. Using a nonce prevents such “replay attacks”. A nonce is a unique number that is sent by the server to the client before login. It is submitted with the username and password and is invalidated after a single use.
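The single-use nonce described above, as an added server-side sketch that is not code from the original page. The names `LoginNonceStore` and `handle_login`, the 120-second lifetime, and the in-memory demo user table are assumptions made for illustration.

```python
import hmac
import secrets
import time

NONCE_TTL = 120  # seconds a nonce stays valid (assumed value)

class LoginNonceStore:
    """In-memory store of issued nonces; each one is valid for a single use."""
    def __init__(self, ttl=NONCE_TTL, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._issued = {}  # nonce -> expiry time

    def issue(self):
        """Called when the server sends the login form to the client."""
        nonce = secrets.token_urlsafe(32)  # unpredictable, unique per login
        self._issued[nonce] = self._clock() + self._ttl
        return nonce

    def consume(self, nonce):
        """True only the first time a live nonce is presented."""
        expiry = self._issued.pop(nonce, None)  # pop invalidates it on use
        return expiry is not None and self._clock() <= expiry

# Constructed demo data; a real application stores password hashes, not plaintext.
USERS = {"alice": "correct horse battery staple"}

def handle_login(store, username, password, nonce):
    # Check the nonce first so a replayed request never reaches the password check.
    if not store.consume(nonce):
        return "rejected: nonce missing, expired or already used"
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(
            expected.encode(), password.encode()):
        return "rejected: bad credentials"
    return "ok"

def demo():
    """The genuine login succeeds; the identical resent request is refused."""
    store = LoginNonceStore()
    nonce = store.issue()
    captured = {"username": "alice", "password": USERS["alice"], "nonce": nonce}
    first = handle_login(store, **captured)    # original request
    replay = handle_login(store, **captured)   # same request sent again
    return first, replay

if __name__ == "__main__":
    print(demo())
```

With several application servers, the nonce store has to be shared between them, otherwise a replay sent to a different server would still be accepted.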
How to Prevent Man In the Middle Attack?
In a web application, there are usually two entities: the client and the server. The third entity, which goes unnoticed most of the time, is the communication channel. This channel can be a wired connection or a wireless connection. There can be one or more servers along the way forwarding your request to the destination server in the most efficient way possible. These are known as proxy servers.