Yes. I know. The title seems scary. But it is not the name of some movie. But I can bet it is as scary as it gets. Man in the middle MITM is a type of attack used in hacking and network hijacking stuff.
But why the name Man in the Middle MITM. Wait! That’s not it! It was previously known as Monkey-in the Middle. I don’t know why it was called that, but I surely know why Man in the Middle MITM is the name. Following picture will be self-explanatory for its definition.
Image Source: github.com
Man-In-The-Middle Attack ( MITM ) Synopsis
Still in doubts? Let me explain this to you. Assume that you are a person who is required to do site visits regularly for your company for some x type of job. You visit your clients place and attach your dongle to start the internet.
But you see that you failed to recharge your internet package (just assume). And now you cannot even recharge it due to the fact that your internet is down.
Now the client is good enough to allow you to access his Wireless LAN or Wi-Fi in our case. But the thing is, is this safe? Absolutely not. You, my friend now can be a victim to some big corporate espionage stuff. Hahaha…Not exactly, but my point is just that it’s not safe. Let me explain it to you in some other manner.
What I told you above was just a warning. I have done this in real life, and let me show you the consequences of that. I am a Penetration tester to start with.
Whatever I am going to say here is what I suggest you to do in your own home environment or lab. Doing this in public place can put you in some serious legal issues. (In short, until unless you have a good lawyer, don’t do this).
Two years ago, when I was still learning hacking (I still am learning), I was sitting in a McDonalds in Pune, India. My internet was down that week due to extreme rainfall. And since I am a person who cannot live without internet, I decided to crash at a McDonalds, reason being it has FREE Wi-Fi.
Yes, People normally straight away jump into a place where there is free internet (at least people in India do) without thinking the problems it can cause (because of people like me).
So, I started my laptop. I had installed Arch Linux at that point of time which is still my favorite. But what I did could be done in any laptop installed with basic Linux OS (YES-Its Linux). I was bored and since I had nothing to do, I started a MITM attack for fun basis. This attack is pretty sophisticated.
What this would do is, it would probably make other computers and cell phones on the network think that I am the router and pass all the packets through me. If you are not horrified about this, then you should be.
The reason for that is because, now I handle each and every information that passes through the network; both incoming and outgoing traffic. Now I can view the packets, sniff them and look through all the data passing through.
Either be it people logging on to social networking websites, people chatting with each other or worse, people doing banking transactions. I would normally stay away as soon as I saw any bank’s digital certificate. But what I would do just for fun sake is that I would modify the chats that people used to do.
This was seriously fun. WhatsApp is Secured (or at least you cannot crack it as soon as it passes through the network). A lot of people used to use We-chat and Hike which had extreme low encryption or no encryption at all. So, when a guy used to ask to a girl to meet somewhere, I would usually change the address of their meeting.
I know this is childish, but as I said, it was fun. (I actually did much more than just this). So, the thing is I could not only see the transactions and traffic happening, I could even change them, send something totally off the charts.
The How to and Why
Okay, now the main question you all have been waiting to ask? Why? It is probably not even a question. There are a lot of answers for that, like to make yourself secure, or to understand the risks involved and the science as to how it works in reality and as a matter of fact, how to know and catch anyone doing the same stuff to you.
So, to start with, to do an MITM attack, I recommend using Kali Linux. That way, there is very less hassle for you to install anything, reason being Kali Linux is a pentesting software and it comes with almost every tool pre-installed.
MITM is normally performed using ARP poisoning. MITM includes cookie stealing, session hijacking where you can capture any person’s whole login session and many more.
With enough information, one can even perform a Distributed Denil of Service attack and take the whole network down. I won’t be writing down full-fledged pieces of codes, here. But I would be telling you the basics of MITM to get you started with. The reason for that is because, the attack mostly depends on the security of the router as well.
You just cannot take a laptop these days and hack into something. You need proper setup for that. So, after installing kali linux, I would recommend having a good monitoring and injecting Wi-Fi.
The one I have been using for months is TP-Link Wn722n. It has a good range and is extremely powerful and portable to do a MITM attack.
Now all you need to do is use ArpSpoof to spoof your Mac ID to let the network think you are the router and then capture all the packet via Wireshark and tcpdump. You can also sniff the traffic with Dsniff, but however you won’t be able to sniff https packets.
Dsniff only works with unsecured socket layer i.e. http and not https. To work with http, you would need to use SSL Strip, to discard the Secure sockets layer and then sniff the packets through it.
There are a few more things to keep in mind. Make sure that your firewall is configured to accept these packets. Also, if you doing this on LAN, it’s not an issue, but if you are trying to do this on a WAN, then you would have to port forward it to get these packets.
Following are a few MITM Attack Tools which can be used:
Cain and Abel – A GUI tool for sniffing an ARP Poisoning. Since, I am in this field since a long time, I would rather suggest not to go for man in the middle attack tools for windows. Reason being, if you are trying to do multiple attacks, windows won’t help. You will have to switch to Linux or have multiple computers which, is not good.
- Ettercap and Wireshark: To sniff packets on LAN
- Dsniff: To capture SSH logins
- SSLStrip – To remove secure layer over packets
- Airjack – To do Multiple MITMs at one go
- Wsniff – A tool for SSL and HTTPS removal
If you thought this was it, wait. There is one more platform most of you may not even know of: And it’s my favorite Android. Let’s see what Android has in its store:
- Dsploit – A tool for just Different types of MITM attacks
- Zanti2 – Zanti is a commercial software, previously it was a paid app, but recently they have made it a freeware. It is extremely strong in case of MITMs and other attacks
- Wireshark – Same as Linux
- Kali Linux – Yes. There is Kali Linux available for Android which is now known as NetHunter. The best part is, you can even ssh into your own home computer with that and then start the hacking without leaving any trace.
So, next time you see anyone messing around your network, it’s not just a guy with a laptop you need to be doubtful of. Any person with a good android Cellphone like the Nexus or the One plus can hack into your network without even you knowing that.
This is how the GUI of Kali on Nethunter looks like:
Image Source: kali.org
Paranoia is the key to Security
The only way to stay secure in this parasite ridden world is to stay paranoid. It’s not just for MITM attack, but because it’s for everything. Following are a few steps that you can consider when accessing a public Wi-Fi to keep yourself secure:
- Always use VPN when connecting to email Services
- Use a secure email with decent email security to detect malwares, eg: Google or Protonmail
- If you yourself are a Public Wi-Fi owner, you should install an IDS i.e Intrusion Detection System to capture any type of non-normal activity
- Check your credentials every now and then to see if any random activity has occurred, or if it has been accessed from some other location. Change your passwords every month. And most importantly, don’t make them easier for people to crack. Most people keep passwords like 18two19Eight4. This password is extremely easy to crack, reason being this can just be a birth date i.e. 18th Feb 1984. Passwords should be like ‘iY_lp#8*q9d’. Yup, this is how a decently secure password looks like. I am not saying this is uncrackable. But, it will consume 10 times more the time it takes in the case of prior.
So, that would be it for now. Wait until my next blog on Cyber Security for more Updates. Till then, stay secure and keep hacking.
Here are some articles that will help you to get more detail about the Secret Attacker so just go through the link.