--------------------------------------------------------------------------
MITM: Man In The Middle
Written by: Chroniccommand
Originally for CodeShock
--------------------------------------------------------------------------

Introduction

This paper is not a how-to on MITM. It is simply meant to provide more information on it and (hopefully) increase your knowledge. I will be going over what a Man In The Middle attack is, how it is used and more.

----------------------\\
What is MITM?

MITM stands for Man In The Middle. It is referred to as a network security "attack". MITM is basically the method of sitting between a victim's computer and the router, listening to connections. Hence the name Man In The Middle: you are basically sitting in the middle of your victim and the router. An attacker can capture the packets sent from the victim's computer and dissect them (for lack of a better word). It is a form of eavesdropping on the victim.

The attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).

http://slabbed.files.wordpress.com/2008/11/main_the_middle1.jpg

-------------------\\
Examples

Let's say I want to communicate with my good friend LightningKey. Meanwhile, my other friend 7haxr wishes to eavesdrop on the conversation, or possibly deliver a false message to LightningKey. LightningKey wishes to send me a password or something similar. Let's view the conversation and add some comments, shall we?

Step 1:
1. Chroniccommand sends a message to LightningKey. The message is then intercepted by 7haxr.
   "Hey chronic, I need to send you the password to CodeShock FTP so you may continue working on the coding."
2. 7haxr relays a new message to LightningKey, making LightningKey believe it is really me.
   "Alright send me the username and password please :)"
3. LightningKey replies to 7haxr, thinking he's me, and sends the username/password.
   "Thanks chronic, Username == USERNAME_HERE and the password is PASSWORD_HERE"

BOOM! 7haxr now knows the username and password, all thanks to Man In The Middle.

-----------------------\\
Significance of MITM

Man In The Middle can be quite powerful but can also be defended against. MITM can be useful to the hacker because he can do things like:
#Reroute traffic
#Steal passwords
#Eavesdrop on conversations
And more.

--------------------\\
This was a short introduction to MITM by chroniccommand. I hope those of you that don't know much about MITM can benefit from this short article.
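The three-step conversation from the Examples section, modelled in Python as an added example (this is not code from the original post or from CodeShock). It runs the same exchange twice: once over a plain channel, where 7haxr's relay can read everything and forge a message in Chroniccommand's name, and once over a channel where every message carries an HMAC-SHA256 tag computed with a key that only Chroniccommand and LightningKey hold. The classes `Message`, `Relay` and `Party` and the function `run_exchange` are this example's own; the shared key is assumed to have been agreed out of band, and the participant names are the page's.

```python
"""Toy model of the relay described in the Examples section (added example,
not from the original post). Two legitimate parties pass text messages
through an untrusted relay. In the plain channel the relay can read and
forge anything. In the authenticated channel every message carries an
HMAC-SHA256 tag made with a key only the two legitimate parties hold
(assumed to have been agreed out of band), so a forged or altered message
is rejected by its recipient instead of being answered.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Message:
    sender: str
    recipient: str
    seq: int        # per-sender counter; bound into the tag to stop replays
    body: str
    tag: bytes = b""


def _canonical(msg: Message) -> bytes:
    # Everything the recipient relies on goes under the tag, not just the body.
    return f"{msg.sender}|{msg.recipient}|{msg.seq}|{msg.body}".encode()


def sign(msg: Message, key: bytes) -> Message:
    tag = hmac.new(key, _canonical(msg), hashlib.sha256).digest()
    return Message(msg.sender, msg.recipient, msg.seq, msg.body, tag)


def verify(msg: Message, key: bytes) -> bool:
    expected = hmac.new(key, _canonical(msg), hashlib.sha256).digest()
    return hmac.compare_digest(expected, msg.tag)


class Relay:
    """The man in the middle: every message crosses it, and it keeps a copy."""

    def __init__(self):
        self.seen = []

    def forward(self, msg: Message) -> Message:
        self.seen.append(msg.body)
        return msg

    def inject(self, sender, recipient, seq, body) -> Message:
        # The relay has no key, so the best it can do is attach a random tag.
        self.seen.append(body)
        return Message(sender, recipient, seq, body, secrets.token_bytes(32))


class Party:
    """A legitimate endpoint. With a key it authenticates what it sends and receives."""

    def __init__(self, name: str, key: Optional[bytes]):
        self.name = name
        self.key = key
        self.last_seq = {}      # highest seq accepted from each sender
        self.accepted = []
        self.rejected = []

    def send(self, recipient: str, seq: int, body: str) -> Message:
        msg = Message(self.name, recipient, seq, body)
        return sign(msg, self.key) if self.key else msg

    def receive(self, msg: Message) -> bool:
        if self.key is not None:
            genuine = (msg.recipient == self.name
                       and verify(msg, self.key)
                       and msg.seq > self.last_seq.get(msg.sender, 0))
            if not genuine:
                self.rejected.append(msg.body)
                return False
            self.last_seq[msg.sender] = msg.seq
        self.accepted.append(msg.body)
        return True


def run_exchange(authenticated: bool) -> dict:
    """Replay the page's three-step conversation through 7haxr's relay."""
    key = secrets.token_bytes(32) if authenticated else None
    chronic = Party("Chroniccommand", key)
    lk = Party("LightningKey", key)
    sevenhaxr = Relay()

    # 1. LightningKey tells chronic the FTP password is ready to be sent.
    m1 = lk.send("Chroniccommand", 1,
                 "Hey chronic, I need to send you the password to CodeShock FTP")
    chronic.receive(sevenhaxr.forward(m1))

    # 2. 7haxr injects a message in chronic's name asking for the credentials.
    forged = sevenhaxr.inject("Chroniccommand", "LightningKey", 1,
                              "Alright send me the username and password please :)")
    forgery_accepted = lk.receive(forged)

    # 3. LightningKey only answers a request that passed the checks.
    if forgery_accepted:
        m3 = lk.send("Chroniccommand", 2,
                     "Username == USERNAME_HERE and the password is PASSWORD_HERE")
        chronic.receive(sevenhaxr.forward(m3))

    return {
        "forgery_accepted": forgery_accepted,
        "relay_saw_password": any("PASSWORD_HERE" in b for b in sevenhaxr.seen),
        "rejected_by_lightningkey": list(lk.rejected),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("authenticated" if mode else "plain channel", run_exchange(mode))
```

Over the plain channel the forged request is indistinguishable from a real one, LightningKey answers it, and the credentials land in the relay's `seen` list. Over the authenticated channel the forged tag fails `verify`, the request is rejected, and step 3 never happens. Note what the tag does not do: the relay still reads every genuine message it forwards (`seen` holds step 1 in both runs), because HMAC gives origin authentication and integrity, not confidentiality; keeping the contents private needs encryption on top, which is what SSL/TLS provides on real connections.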
What if you hack an ISP router =D (That would be a MITM heaven) :p
Yes, that it would. But many boxes have encryption on them, which is why you could use SSLstrip. My next paper will be a paper on SSLstrip, which basically takes SSL (Secure Socket Layer) off the target machine so the passwords are unencrypted, which will allow you to sniff things such as passwords with ettercap.