The Secret Security Wiki


Man in the Middle Attack

In a Man-in-the-Middle (MitM) attack an attacker is able to insert himself into the communications channel between two trusting parties for the purpose of eavesdropping, data theft and/or session tampering. There are multiple ways an attacker can carry out the attack depending on the setup and type of communications channel established.

One common example for a MitM attack is when an attacker on the internet intercepts communications between a client and a server, causing both sides to think they are communicating with one another, when in fact they are both communicating with an attacker. The attacker transparently relays data traversing the communications channel to the respective parties after reading it and/or tampering with it.

Another common example is a Man-in-the-Browser (MitB) attack, a form of MitM in which the attacker compromises the client's web browser, typically with the aid of malware. Once the attacker controls the browser, it can steal data sent and received through it, and alter both what is presented to the user and what is sent to the server. MitB attacks are commonly used against online banking services to steal credentials and/or carry out fraudulent transactions once the user is logged into his account.
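The following simulation is an added illustration of the relay described above and is not code from the wiki. It models a client and a server that exchange a message through an interposed hop which neither endpoint knows about. The hop records every message it sees (eavesdropping) and can optionally rewrite the message in transit (tampering). The run is repeated with and without a message authentication code over the body, using a constructed shared key, to show which of the two effects an integrity check catches. All names (`Relay`, `run_scenario`, `SHARED_KEY`, the sample message) are constructed for this example.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed shared secret for the demo. A real deployment derives channel keys
# from an authenticated handshake (for example TLS), never from a fixed value.
SHARED_KEY = b"demo-key-not-for-production"


@dataclass
class Message:
    body: bytes
    tag: Optional[bytes] = None  # integrity tag; None on the unprotected channel


class Relay:
    """Interposed hop between client and server.

    It records every body it forwards (eavesdropping) and, if given a rewrite
    function, alters the body in transit (tampering). Neither endpoint is aware
    the hop exists; both believe they talk to each other directly.
    """

    def __init__(self, rewrite: Optional[Callable[[bytes], bytes]] = None):
        self.observed: list = []
        self.rewrite = rewrite

    def forward(self, msg: Message) -> Message:
        self.observed.append(msg.body)
        if self.rewrite is None:
            return msg  # passive: pass the message through unchanged
        # active: body changed, original tag copied along unchanged
        return Message(self.rewrite(msg.body), msg.tag)


def mac(body: bytes) -> bytes:
    """HMAC-SHA256 over the body under the shared key."""
    return hmac.new(SHARED_KEY, body, hashlib.sha256).digest()


def client_send(body: bytes, protected: bool) -> Message:
    return Message(body, mac(body) if protected else None)


def server_receive(msg: Message, protected: bool):
    """Return (accepted, body).

    A protected server recomputes the tag over what actually arrived and
    rejects the message if it does not match, using a constant-time compare.
    An unprotected server accepts whatever it receives.
    """
    if protected:
        if msg.tag is None or not hmac.compare_digest(mac(msg.body), msg.tag):
            return False, msg.body
    return True, msg.body


def run_scenario(protected: bool, active: bool) -> dict:
    """Drive one transfer through the relay.

    Returns what the relay observed, whether the server accepted the message
    it finally received, and the body it received.
    """
    rewrite = (lambda b: b.replace(b"to=acct-A", b"to=acct-B")) if active else None
    relay = Relay(rewrite)
    sent = client_send(b"transfer amount=100 to=acct-A", protected)  # constructed sample
    received = relay.forward(sent)
    accepted, body = server_receive(received, protected)
    return {"observed": relay.observed, "accepted": accepted, "body": body}


if __name__ == "__main__":
    for protected in (False, True):
        for active in (False, True):
            r = run_scenario(protected, active)
            print(f"protected={protected} active={active} "
                  f"accepted={r['accepted']} body={r['body']!r} "
                  f"relay_saw={r['observed']}")
```

Two points stand out from the four runs. Without the tag, the rewritten body is accepted by the server exactly as if the client had sent it; with the tag, the rewritten body is rejected because the attacker cannot produce a valid tag without the key. In both cases, however, the relay still sees the full plaintext: an integrity check detects tampering but does nothing against passive eavesdropping, which needs encryption, and the key itself must be agreed over an authenticated channel, which is what certificate validation in HTTPS provides.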

There are eight types of man-in-the-middle attacks:

  1. DNS spoofing
  2. IP spoofing
  3. Wi-Fi eavesdropping
  4. HTTPS spoofing
  5. SSL hijacking
  6. Email hijacking
  7. Session hijacking
  8. Man in the Browser

See our guide to Man in the Middle Attacks and how to prevent them

  • What is a passive man in the middle attack?

    In a passive MitM attack, the attacker is simply a passthrough point between two trusting parties, where he can eavesdrop and extract sensitive information. The attacker does not take any active measures to manipulate/tamper with the communications.

  • Is an eavesdropping attack the same as a MitM attack?

    A MitM attack enables eavesdropping, but MitM can be used to carry out other nefarious activities such as stealing data and tampering with communications. Eavesdropping is also enabled using other forms of attack.

  • How does a man-in-the-middle attack work?

    In a man-in-the-middle (MitM) attack, the attacker manages to insert himself between two trusting parties, creating the illusion that the parties are talking to one another when in fact they are talking to or through the attacker.

  • What is a man-in-the-browser attack?

    A man-in-the-browser (MitB) attack is a form of MitM in which the attacker obtains complete or partial control of the browser. By compromising the browser, the attacker inserts himself between two trusting parties – the user behind the browser on one end and the server application on the other. When in control of the browser, the attacker can steal sensitive information such as user passwords submitted to login forms, or tamper with the protected session after the user has logged in. MitB is commonly used to access online banking accounts for the purpose of carrying out fraudulent transactions. The user has no idea that his web browser is compromised and operated by the attacker.

  • What types of MitM attacks are there?

    MitM attacks are dynamic in nature and can take on many forms. One common attack is when an attacker sets up a fraudulent site impersonating a legitimate site – for example, an online banking site. The unsuspecting user supplies access credentials to the fraudulent site, which relays them to the real site. When the real site challenges the user to provide a second factor of authentication, the fraudulent site relays the challenge to the user and then the user’s response back to the real site. Once authenticated, the attacker has access to the user’s account.

    Another common form of MitM attack is what is referred to as man-in-the-browser (MitB).