Man-in-the-middle (MITM) attacks are carried out when we are connected to the network. They are a sort of session hijacking of data transfer or intercepting ongoing conservation by inserting in the middle of that transfer.
These attacks are quite dangerous to carry out and users can redirect the flow of packets of information to their device by acting as a proxy. It allows hackers to get confidential data and insert malicious links to corrupt data. It works with the help of a technique called ARP spoofing or ARP poisoning.
ARP spoofing using arpspoof
Arpsoof is a tool used to run the ARP spoofing attack. It is a part of dsniff suite which comes pre-loaded with programs used to launch MITM attacks and redirect the flow of packets to our device.
ARP spoofing using MITMf Bypassing
MITMf is an acronym for Man-in-the-middle Framework. It is a collection of tools written by @byt3bl33d3r and allows users to launch MITM attacks. It is a very easy-to-use framework written in Python.
Bypassing HTTPS
While the previous techniques can sniff and capture data sent over HTTP requests, this technique involves downgrading HTTPS requests to HTTP on the most popular websites such as Google, Facebook, etc.
Generally speaking, whenever we become MITM and anyone tries to log in to these websites, a warning message will be displayed saying that the website certificate is invalid. Using the tool SSLstrip, the target users will be redirected to the HTTP page of the website that bypasses the warning message.
DNS Spoofing
DNS is an acronym for Domain Name System and is the phone book of the internet. It is a server containing the domain name to the IP addresses of the device it is accessed on. When we become the MITM, we can run a DNS server on our system and resolve DNS requests, acting as a middleman. For instance, if a person tries to access Google.com, we can give him the desired IP we want and take him to another website. We can run a completely fake website and redirect target users anywhere we want. We can even take them to our local server, such as the Apache web server.