Man-in-the-Middle (MITM) Attacks

Learn how an active attack such as MITM works, what it is useful for, and the caveats of such an approach.

TLS and HTTPS

Transport Layer Security (TLS) is a cryptographic protocol that lets client-server applications communicate across a network while preventing eavesdropping and tampering: it encrypts the traffic, detects any modification in transit, and lets the client authenticate the server through its certificate. Before TLS was widely deployed, applications and sites sent data over the internet in the clear unless they were specifically designed otherwise. Anyone able to intercept those packets could simply read them.

Nowadays, web developers should ensure that all client-server communication is done over HTTPS, which is HTTP carried over TLS. If we see a website running on plain HTTP, the only safe assumption is that anyone on the network path can read and modify everything we exchange with it: do not enter credentials or other sensitive data, and do not reuse a password there. Running the browser inside a properly configured virtual machine isolates the site from our own machine, but it does nothing against an eavesdropper, because the exposure is on the network rather than on the host.

The MITM attack

The adversary positions themselves in the network in such a way that the communication between a user and a web application can be eavesdropped upon. This can be extended to intercepting the communication and masquerading as each party to the other, so that the adversary can read, modify, or inject traffic and extract sensitive information. The attacker is then, quite literally, a man (person) in the middle.

Man-in-the-middle (MITM) attacks are easiest to perform against unencrypted communications and when we are present on the same network as our target, for example on shared Wi-Fi. What we did earlier with Wireshark was the passive half of such an attack: we read traffic that was not addressed to us. A full MITM adds an active step, such as ARP spoofing on the local network, so that the traffic is actually routed through the attacker's machine and can be relayed or altered on the way.
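The defensive side of the positioning step, as an added example that is not part of the original lesson: on a shared LAN an attacker usually gets "in the middle" by sending ARP replies that claim the gateway's IP (to the victim) and the victim's IP (to the gateway). A monitor that records ARP replies can spot this without any special tooling. The ARP replies below are constructed for the example, the gateway address and the trusted gateway MAC are assumed, and the IP-to-MAC checks are the usual ones a practitioner runs, not anything the course itself provides.

```python
from collections import defaultdict

# Constructed ARP replies, as a monitor listening on the LAN might record
# them in order: (sender IP, sender MAC). The first rows are normal traffic;
# the last rows show a second host claiming both the gateway's and the
# victim's IP, the classic signature of an ARP-spoofing MITM on shared Wi-Fi.
ARP_REPLIES = [
    ("192.168.1.1",  "aa:bb:cc:00:00:01"),   # gateway, legitimate
    ("192.168.1.20", "aa:bb:cc:00:00:20"),   # victim laptop, legitimate
    ("192.168.1.1",  "aa:bb:cc:00:00:01"),
    ("192.168.1.1",  "DE:AD:BE:EF:00:99"),   # attacker poisons the victim's cache
    ("192.168.1.20", "de:ad:be:ef:00:99"),   # attacker poisons the gateway's cache
]

# Assumed values for the example: the gateway's IP and the MAC we trust for it
# (recorded from the router label or from an earlier, clean DHCP lease).
GATEWAY_IP = "192.168.1.1"
TRUSTED_GATEWAY_MAC = "aa:bb:cc:00:00:01"


def ip_to_macs(replies):
    """Map each IP to the set of MACs seen claiming it (MACs normalised to lower case)."""
    claims = defaultdict(set)
    for ip, mac in replies:
        claims[ip].add(mac.lower())
    return claims


def conflicting_ips(replies):
    """IPs claimed by more than one MAC: at least one of the claimants is lying."""
    return {ip: sorted(macs) for ip, macs in ip_to_macs(replies).items() if len(macs) > 1}


def macs_claiming_multiple_ips(replies):
    """MACs that answered for several IPs. A host claiming both the gateway
    and a client is positioned to relay traffic between them."""
    owned = defaultdict(set)
    for ip, mac in replies:
        owned[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in owned.items() if len(ips) > 1}


def suspected_mitm(replies, gateway_ip, trusted_gateway_mac):
    """MACs other than the trusted one that claimed the gateway's IP."""
    trusted = trusted_gateway_mac.lower()
    return sorted({mac.lower() for ip, mac in replies
                   if ip == gateway_ip and mac.lower() != trusted})


if __name__ == "__main__":
    print("IP conflicts:", conflicting_ips(ARP_REPLIES))
    print("MACs owning several IPs:", macs_claiming_multiple_ips(ARP_REPLIES))
    print("Gateway impersonated by:", suspected_mitm(ARP_REPLIES, GATEWAY_IP, TRUSTED_GATEWAY_MAC))
```

A conflict on the gateway's IP is the strongest signal: the victim's traffic to the internet now goes to whichever MAC its ARP cache last accepted. On a real network, compare against the gateway MAC you recorded while the network was known to be clean, not against whichever reply arrived first.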

Before diving deeper, let’s look at a simple MITM attack. Assume we’ve found an old forum running on plain HTTP and decided to sign up. An adversary on the same Wi-Fi as us can intercept our communications with the site. When we log in, the request carrying our username and password crosses the network in the clear, so the adversary captures the credentials and can use them to log in as us. This is illustrated below.
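What the adversary actually gets from that capture, as an added example that is not part of the original lesson: the login POST below is a constructed sample (the forum host, path and credentials are made up), written out the way the bytes would appear on the wire. The same code is then pointed at a constructed TLS record to show that, once the site uses HTTPS, the capture yields nothing readable. The parser is a minimal one written for this example, not a tool the course provides.

```python
from urllib.parse import parse_qs

# Constructed sample capture (not a real site): the login POST an attacker
# sniffing the shared Wi-Fi would see when a user signs in to a forum served
# over plain HTTP. The body is 34 bytes, matching the Content-Length header.
HTTP_LOGIN_CAPTURE = (
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: oldforum.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 34\r\n"
    b"\r\n"
    b"username=alice&password=hunter2%21"
)

# Constructed TLS application-data record: content type 0x17, version 0x0303,
# a 16-byte length, then opaque ciphertext. The payload bytes are made up; the
# point is that after the handshake nothing readable appears on the wire.
TLS_CAPTURE = b"\x17\x03\x03\x00\x10" + bytes(range(0xA0, 0xB0))

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ", b"OPTIONS ", b"PATCH ")


def classify_capture(raw: bytes) -> str:
    """Tell plaintext HTTP from a TLS record by looking at the first bytes."""
    if raw.startswith(HTTP_METHODS) and b" HTTP/" in raw.split(b"\r\n", 1)[0]:
        return "http"
    # TLS record header: content type 0x14..0x17 followed by major version 3.
    if len(raw) >= 5 and raw[0] in (0x14, 0x15, 0x16, 0x17) and raw[1] == 3:
        return "tls"
    return "unknown"


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, path, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("ascii").lower()] = value.strip().decode("latin-1")
    # Use Content-Length only to truncate; never read past what was captured.
    length = int(headers.get("content-length", len(body)))
    return method.decode("ascii"), path.decode("ascii"), headers, body[:length]


def extract_credentials(raw: bytes):
    """Return the submitted form fields from a plaintext HTTP login POST,
    or None when the capture is TLS (or is not a form POST at all)."""
    if classify_capture(raw) != "http":
        return None
    method, _path, headers, body = parse_http_request(raw)
    ctype = headers.get("content-type", "")
    if method != "POST" or not ctype.startswith("application/x-www-form-urlencoded"):
        return None
    fields = parse_qs(body.decode("utf-8"), keep_blank_values=True)
    return {name: values[0] for name, values in fields.items()}


if __name__ == "__main__":
    for label, capture in (("HTTP", HTTP_LOGIN_CAPTURE), ("TLS", TLS_CAPTURE)):
        print(label, classify_capture(capture), extract_credentials(capture))
```

Against the plaintext capture the attacker recovers the username and the percent-decoded password directly; against the TLS record the same code sees only a record header and ciphertext. Note that HTTPS protects the content, not the fact that a connection was made: the destination IP and, in most deployments, the server name in the handshake remain visible to the eavesdropper.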
