(I) Home

Introduction

In a man in the middle (MITM) attack, an attacker inserts himself into a connection between two users. He then proceeds to pose as both communicators and relay messages between them. If he can successfully impersonate both users, he can effectively infiltrate their connection, access all communication between them, and even alter the messages they send, without being detected.

Using the internet, malicious users can largely increase their opportunity to execute MITM attacks. Due to the lack of context inherent in a network connection, identifying a correspondent proves difficult. Facial recognition and voice recognition can no longer be employed. Unless the communicators implement a secure system (generally based on shared secrets where the users must know and trust one another) they cannot guarantee that they communicate directly with each other. An attacker can exploit this fundamental vulnerability in a network connection by inserting herself between the two interlocutors and reading (or modifying) the messages they send to one another.

Site Layout

This site discusses traditional MITM attacks and protocol necessary for their execution - such as establishing a network connection, employing certificates, handshaking, and public key cryptography. Three types of MITM attack are described, including an example implementation of each:
  1. MITM attacks over http and https
  2. Denial-of-Service attacks
  3. SSL/TLS MITM attacks
A section describing the state of research concerning MITM attacks follows the description of the attacks themselves. We conclude with a reflection on the implications for network users.

Tutorial

For the purposes of this tutorial, we have included navigation links at the bottom of each page. Follow them in order to proceed through this resource as an instructional tutorial on MITM and similar network attacks.


Forward