Man-in-the-Middle Attacks: How They Work & How to Prevent Them

A man-in-the-middle (MITM) attack involves a hacker listening in on internet interactions between a user and a web application to collect sensitive data.

IP spoofing: IP addresses help identify websites, devices, and emails. MITM attackers ‘spoof’ their IP addresses to pose as a legitimate host, so that users end up sending data to a malicious source.

ARP spoofing or ARP cache poisoning: The Address Resolution Protocol (ARP) maps an IP address to a Media Access Control (MAC) address on a local area network.

Domain name spoofing: The Domain Name System (DNS) links website domain names to IP addresses. An MITM attacker can redirect users to a phony website by altering DNS records.

HTTPS spoofing: HTTPS encrypts communication between users and websites. To obtain unprotected data, MITM attackers discreetly send visitors to an unencrypted HTTP page.

SSL hijacking: SSL allows web browsers and servers to authenticate each other and encrypt their communication. False SSL certificates allow MITM attackers to intercept data before encryption.

SSL stripping: This attack targets websites that accept HTTP connections before redirecting them to HTTPS. MITM attackers intercept this transition to read unencrypted data before the connection switches to HTTPS.
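
The HTTP-to-HTTPS transition described under SSL stripping can be audited from a site's own response headers. The Python sketch below is an added example, not part of the original article: it assumes the HTTP Strict Transport Security (HSTS) header as the mitigation, which the article does not name, and the host name, sample headers and finding labels are constructed for illustration.

```python
ONE_YEAR = 31536000  # seconds; minimum max-age the HSTS preload list accepts

def parse_hsts(value):
    """Parse a Strict-Transport-Security value -> (max_age, include_subdomains, preload)."""
    max_age, include_sub, preload = None, False, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            max_age = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    return max_age, include_sub, preload

def audit(http_status, http_headers, https_headers):
    """Findings for one site, given its plain-HTTP and its HTTPS response headers."""
    http_h = {k.lower(): v for k, v in http_headers.items()}
    https_h = {k.lower(): v for k, v in https_headers.items()}
    findings = []
    upgrades = http_status in (301, 302, 303, 307, 308) and \
        http_h.get("location", "").lower().startswith("https://")
    if not upgrades:
        findings.append("http-not-redirected")      # plain HTTP is never upgraded
    if "strict-transport-security" in http_h:
        findings.append("hsts-sent-over-http")      # browsers ignore HSTS received over HTTP
    hsts = https_h.get("strict-transport-security")
    if hsts is None:
        return findings + ["no-hsts"]               # browser never learns to refuse HTTP
    max_age, include_sub, preload = parse_hsts(hsts)
    if not max_age:
        findings.append("hsts-disabled")            # max-age missing or 0 clears the policy
    elif max_age < ONE_YEAR:
        findings.append("hsts-short-max-age")
    if not include_sub:
        findings.append("subdomains-not-covered")
    if not (preload and include_sub and (max_age or 0) >= ONE_YEAR):
        findings.append("not-preload-eligible")     # first visit can still start over HTTP
    return findings

if __name__ == "__main__":
    # Constructed sample responses (example.test is a placeholder host).
    redirect = {"Location": "https://example.test/"}
    print(audit(200, {}, {}))
    print(audit(301, redirect, {"Strict-Transport-Security": "max-age=300"}))
    print(audit(301, redirect, {"Strict-Transport-Security":
                                "max-age=63072000; includeSubDomains; preload"}))
```

An empty findings list means the site redirects HTTP to HTTPS and sends an HSTS policy that meets the preload list's header requirements; actual inclusion in a browser's preload list is a separate submission step that this check does not verify.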