Man-in-the-Middle Attack

on

 What is a Man-in-the-Middle Attack?

Man-in-the-Middle (MITMattack happens when a hacker inserts themselves between a user and a website. They are mostly targets the financial applications ,e-commerce and other websites because where login is  required .For example, a fake banking website may be used to capture financial login information. The fake site is “in the middle” between the user and the actual bank website.



The goal of an attack is to steal :

  • personal information
  • login credentials
  • account details  
  • credit card numbers

Types of  Man-in-the-Middle Attack

  1. Email hijacking
  2. Wi-Fi eavesdropping
  3. Stealing browser cookies
  4. SSL hijacking
  5. DNS spoofing


Email hijacking

It is a one form of Man-in-the-Middle Attack. In this attack they gain access to email accounts without user's permission. Then they listen the communications between victim and other email accounts which are connected to victim. Use this information for their criminal purpose.



Wi-Fi eavesdropping

All of you are stay connected through social media , chat application ,or emails, it's important. Businesses understand their customers need to stay connected places like hotels, coffee shops , restaurants, and airports, hence they are provide free WiFi.

These hotspots can be among the most dangerous online networks. A hacker might be spying on all the data that you send online. It includes all usernames and passwords you enter while connected to that WiFi. And if you make a bank transaction, the hackers will have your banking credentials. It's too easy targets for hackers.


Stealing browser cookies
It's allows an attacker to log into a website that is protected with a user's username and password by stealing data in real-time.It's not a  virus ,but it is used like spyware. Cookie theft most often occurs when a user accesses trusted sites over an unprotected or public Wi-Fi network.




SSL hijacking

SSL Stands for secure sockets layer. Protocol for web browsers and servers that allows for the authentication, encryption and decryption of data sent over the Internet.Allows secure connections from a web server to a browser.The main goal of SSL hijacking to gain unauthorized access to information or services in a computer system.The session hijacking is a type of web attack. It works based on the principle of computer sessions. The attack takes advantage of the active sessions.


DNS spoofing
To understand the what is  DNS  spoofing let's before understand  
What is a  DNS ?
DNS is Basically Domain Name System. It's translate the domain name into IP address. Like example we search google then  site of Google is Open front of us. But We can Also Open A Google site with help of IP address. Because All Site's have IP address but It's hard to remember the IP address of Sites, so Instead of IP address we use Domain Names of That sites.

How does DNS spoofing works?

  • The Attacker tries to Inject a fake address into the DNS.
  • If the server accepts the fake one ,he cache is 'poisoned'.
  • Request  are then answered by the attackers server.

Conclusion , In this we studied What is the Man-in-the-Middle Attack ans how it works. And also we see the types of Man-in-the-Middle Attack. I hope you like this ,if any suggestions or doubt then ask without hesitate.




Comments

Post a Comment

If any doubt or Suggestion let me Know