MiTM is an abbreviation for Man in the Middle. It is a hacking technique that exploits a long-standing network flaw which still has not been patched. With this technique, the hacker poisons the whole network to grab usernames and passwords from any site with a login form, inject malicious code, carry out phishing, and so on. As you can see, this is a very powerful attack, in which anything from the password of a social networking site to bank account passwords or very high-level intelligence information can be obtained. Please note that in today's post I will not be giving any guide to carrying out an MiTM attack. This is just an informational post about what MiTM actually is.
Okay, we will first illustrate this with a real-world analogy. Let us assume that we have three persons: A, B and C. A is a very rich man, or your enemy :p. B is a life insurance agent, or a bank agent, who carries a lot of A's money. And C, that's you, is trying to rob A of important documents and money. Now let's assume you have already tried robbing his house, but A's security is very tight; the guards kick you out as soon as you get in front of the house. Now what? Suppose you dress up and disguise yourself exactly like A, go in, take the documents, bank account details and so on, come out and make a Xerox copy of everything. Then, still disguised as A, you go to B and say, "I am A, and I came today to give you some documents." So here you acted as the man in the middle. You fooled both of them with the illusion that everything is all right, and you managed to steal his documents.
The exact same thing happens to computers in a network. Let me first explain what ARP, or Address Resolution Protocol, is, what an IP address is and what a MAC address is.

IP stands for Internet Protocol. An IP address is the logical address of a digital device that is connected to the internet. Anything digitally connected to the internet has a unique IP address. The main purpose of this protocol is delivering packets over the internet to another computer connected to the internet anywhere in the world.

MAC is the abbreviation for Media Access Control. A MAC address is the physical address of a connected terminal. This address is unique to every device and is hard-coded into the hardware. In this case, that is the Network Interface Card (NIC), which sits on the motherboard or can be fitted externally, for example a Netgear Ethernet card.

Now, what is ARP? ARP converts a logical IP address to a physical MAC address to transmit data in a TCP/IP system. For example, when I send a document to be printed on a network, this happens. My terminal sends a broadcast message like this: "Who is IP xxx.xxx.xxx.201?" Every terminal ignores it except the printer, which replies, "Hey server, I am the IP address xxx.xxx.xxx.201." Then the server sends a Reverse ARP request asking, "Who has the MAC address XX:XX:XX:XX:A2?" Again the printer says, "This is my MAC address." After all these confirmations, the signal is finally sent to the printer to print the document. This is how ARP works. The diagram below shows what was just described.
[Figure: Typical Topography of an ARP]
For example, when you log in to www.facebook.com, mail.google.com or www.mylocalbank.com, you load a login form with a GET request. The form is sent from the domain server, travels by many means to your router, then to your switch/gateway, and finally to you. When you enter your username and password and hit 'ENTER', the form is sent as a POST to the router, and then on to the domain server by many means again. Now, as in the example above with Mr A, B and C, let's say A is the user, B is Facebook and C is the attacker. What C does is poison the ARP so that A, the user's terminal, thinks that C, the hacker, is router B, and router B thinks that C, the hacker, is user A. So when A logs in to Facebook, or any login form, the packets are first all transferred to C, the hacker, who interprets and analyzes all the data in clear-text form and resends the packets to the router so that the original connection doesn't fail. Thus an attacker can gain all the information and passwords off a network. This is what a Man in the Middle attack is all about. Diagram below.
[Figure: A Successful MiTM attack]
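On the defending side, the poisoning described above is visible as ARP messages that announce an already known IP address with a different MAC address. The following Python code is an added example, not part of the original post: it parses raw ARP messages and flags such changes. The function names are hypothetical and the addresses and sample messages are constructed.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 layout for Ethernet + IPv4, 28 bytes

def parse_arp(payload):
    """Return (opcode, sender_ip, sender_mac) from a raw ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return op, ".".join(str(b) for b in spa), sha.hex(":")

def find_rebindings(payloads):
    """List (ip, first_mac, new_mac) whenever an IP is announced by a new MAC."""
    seen, alerts = {}, []
    for raw in payloads:
        _op, ip, mac = parse_arp(raw)
        first = seen.setdefault(ip, mac)
        if first != mac:
            alerts.append((ip, first, mac))
    return alerts

def multi_ip_macs(payloads):
    """Map each MAC that announced more than one IP to those IPs."""
    owners = {}
    for raw in payloads:
        _op, ip, mac = parse_arp(raw)
        owners.setdefault(mac, set()).add(ip)
    return {m: sorted(ips) for m, ips in owners.items() if len(ips) > 1}

def _sample(op, mac, ip):
    """Build a constructed ARP message (target fields zeroed)."""
    hw = bytes.fromhex(mac.replace(":", ""))
    addr = bytes(int(x) for x in ip.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, hw, addr, bytes(6), bytes(4))

# Constructed traffic: router and user A announce themselves, then a third
# MAC (host C in the post's example) claims both of their IP addresses.
SAMPLES = [
    _sample(2, "02:00:00:00:00:01", "192.0.2.1"),    # router
    _sample(2, "02:00:00:00:00:0a", "192.0.2.10"),   # user A
    _sample(2, "02:00:00:00:00:0c", "192.0.2.1"),    # C claims router IP
    _sample(2, "02:00:00:00:00:0c", "192.0.2.10"),   # C claims user A's IP
]

if __name__ == "__main__":
    for ip, old, new in find_rebindings(SAMPLES):
        print(f"ALERT {ip} moved from {old} to {new}")
    print(multi_ip_macs(SAMPLES))
```

An IP address can also move to a new MAC for legitimate reasons such as a replaced network card or a reassigned DHCP lease, so an alert is a lead to check against the known MAC of the router rather than proof of poisoning.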
Dedicated to a Bro of mine - Arya Sengupta.