Skip to content

Everything You want Know About Man in The Middle Attack

What Is Man In The Middle Attack?

Man in the middle attack most importantly requires three players. First comes the victim, second comes the entity with which the victim trying to communicate, and the man in the middle. And the worst part of Man in the middle attack is that the victim has no idea of the interception.

How Precisely Does A Man-In-The-Middle Attack Work?

Let us assume you have received an email that appeared to be from your bank, asking you to log in to your account to verify your account information. As soon as you click on the link in the email and you are taken to a fraudster website where its just the replica of your original bank website, where you log in and perform the requested task by the middle man.
Man-in-middle-attack is a type of eavesdropping attack when a phisher inserts himself as a proxy into a communication session between people or system. A MITM attack exploits the conversation, transfer of other data or real-time processing. MITM attack allows a phisher to intercept, send or receive data without even the notice of the owner.

MITM Attacks: Close To You Or With Malware

Man-in-the-middle attacks come in two forms, one that involves physical proximity to the intended target, and another that involves malicious software, or malware. This second form, like our fake bank example above, is also called a man-in-the-browser attack. Attackers execute a man-in-the-middle attack in two phases — interception and decryption.

With a traditional MITM attack, attackers need access to an unsecured or poorly secured Wi-Fi router. These types of connections are generally found in public areas with free Wi-Fi hotspots, and even in some people’s homes, if they haven’t protected their network. Attackers will scan the router looking for specific vulnerabilities such as a weak password. Once attackers find a vulnerability, they’ll use tools to intercept and read the victim’s transmitted data. They then insert their tools between the victim’s computer and the websites the user visits. A successful man-in-the-middle attack does not stop at the interception. The victim’s encrypted data has to be decrypted so that the attacker can read and act upon it.

The Man-In-The-Middle Attack Is Of  Two Forms

  1. Physical proximity to the intended target
  2. Malicious software or malware (main in browser attack)

phishers execute man-in-the-middle attack in two phases interception and decryption. With a traditional MITIM attack, phishers need access to a wi-fi network, so they firstly hack into a wi-fi network. these types of network or connections are available in public areas, or even in some people’s home. If the wi-fi is not protected with strong security. Phishers will scan the router looking for a specific vulnerability such as a weak password. Once the vulnerabilities are found, phishers will use tools to intercept and read the victim’s personal data, transferred data and much more. Then a tool is inserted between the victim’s computer and the website the user visits. Any successful man-in-middle attack does not stop an interception. The victim’s encrypted data is later decrypted so that the reader can read and act accordingly to it.

Types of Man-in-the-Middle Attacks

  • Rogue Access Point
  • ARP Spoofing
  • mDNS Spoofing
  • DNS Spoofing

Rogue Access Point

Devices that are equipped with wireless cards will often try to auto connect to the network emitting the strongest signal. Attackers can set up their own wireless network and trick nearby devices to join its domain. All of the victim’s network traffic can be manipulated by the attacker. This method is so dangerous because the attacker does not even have to be on a trusted

ARP Spoofing

ARP is the Adress Resolution Protocol. It is used to project IP address to physical MAC addresses in a local network. When a host needs to communicate to a host with a given IP address, it references the ARP cache to project the IP address to a MAC address. If the address is not found, a request is made asking for the Mac address of the device with the IP address. An attacker wishing to pose as another host can respond to the request it should not be responding to its own MAC address. With some precisely placed packets, a hacker can identify the private traffic between two hosts. And extract all the confidential information, such as yielding full access to application accounts that are not accessible by everyone or exchange of session tokens.

MDNS Spoofing

Multicast DNS is similar to DNS, it’s done on a local area network (LAN) using broadcast like ARP. The local name resolution system makes the configuration of network devices extremely simple. Users don’t have to know exactly which addresses their devices is communicating. Devices such as printers, Tv’s, and other entertainment systems make use of this kind of protocol since they are connected to a trusted network. When an app needs to know the address of a device or any entertainment system. An attacker can easily slide into these kinds of the system by a fake data request instructing the system to resolve the address and here by taking control over the system. So to avoid these kinds of attacks devices keep a local cache of addresses. Which protects the devices from the attack.

DNS Spoofing

DNS Spoofing is similar ARO resolves IP address MAC addresses on a Local Area Network, DNS projects the domain name to IP address. When using a DNS spoofing attack, the attacker tries to introduce corrupt DNS cache information to a host in an attempt to access another host using their domain names, such as This will lead to the victim sending sensitive information to a fraudulent host, with the trust and confidence they are sending the information to a trusted source. Attackers who have already spoofed the IP address could have will have an easier time spoofing DNS easily by resolving the address of a DNS server to the attacker address

Case Studies

A huge bust on a multinational company nabbing 49 suspects throughout Europe.
They were arrested on suspicion of using Man-in-the-Middle attack. The main motive of the attack was to intercept payment request from emails.

As Europol detailed in a statement, the raid was coordinated by Europol’s European cybercrime center (EC3), led by the Spanish National Police, Italian Polizia di Stato, the Spanish National Police and the Polish Police central Bureau of Investigation supported by Uk law enforcement bodies.
The suspects were arrested at multiple places in Italy, Poland, Spain, The UK, Georgia, and Belgium.
Police seized external hard disks, laptops, telephones, tablets, credit cards, SIM Cards, cash, memory sticks etc.

Further investigation uncovered international fraud totaling $ 68,57,730 that was recovered in a short period of time.

The team’s main targets were medium and large European company via Man-in-The-Middle attacks.
The suspects used social engineering and management and were able to insert malware or spyware onto the network of the target. Once the communication is established with the target’s device they access to the required data like emails, banking info, and many more.
The fraudsters then set up a similar transaction with the targets real site.$6.8 million

Prevention Of Man-In-The-Middle Attack.

With the arena of tools readily available to carry out attacks like Man-in-The-Middle attacks, it takes many steps to help protect yourself, your data, and your connections.

Make sure the “https” is always there on the website you visit to ensure your safety.
Be aware of tricky phishing emails from attackers asking you to update your bank info or any other login credentials.
Instead of clicking on the link provided in the emails, manually type the web addresses in the browser.
Never connect to public wi-fi without activating a VPN ( Virtual Private Network ) like Turbo VPN, Norton Secure VPN, etc. A VPN encrypts your private IP addresses provided from the local internet provider which helps in protecting your private data.
Be sure that the wi-fi you connect is completely secure.

In our rapidly growing connected world, it’s important to know the type of threats and how to be protected from those kinds of threats. So protect your devices and network with proper protection to stay safe and secure

Enroll in a Ethical Hacking Boot Camp and earn one of the industry’s most respected certifications — guaranteed.

-Live online ethical hacking instruction
– Exam Pass Guarantee
– CEH exam voucher

Related courses

  • Texial Certified Hacker
  • Certified Ethical Hacker
  • SOC Certifcation

Defend your business against
the Latest Cyber Threats

share it