Here is a list of the different types of MITM attacks:
LOCAL AREA NETWORK:
- ARP poisoning
- DNS spoofing
- STP mangling
- Port stealing
- ARP poisoning
- DNS spoofing
- DHCP spoofing
- ICMP redirection
- IRDP spoofing - route mangling
- DNS poisoning
- Traffic tunneling
- Route mangling
- Transparent proxy attack
STEP 1
URL rewriting: Prepend all URLs with the attacker's host so that requests are routed through it. http://home.netscape.com/ becomes http://www.attacker.org/http://www.server.com/
STEP 2
Pages are then requested through www.attacker.org, which functions as a proxy to fetch the true page (in this case, http://www.server.com/), applying any of the attacker's desired transformations in the process.
STEP 3
STEP 4
After the above steps have been executed, there is a secure connection between the victim and the attacker's host. The victim is unaware of this: he is happy to see that he has a secured connection and concludes that his data is safe. The attacker can then create a secure connection to the real host, decrypt the received data, apply transformations, re-encrypt for the victim, and send it on to him. The victim still remains uninformed; however, the hacker has already achieved his goal.
- DNS Cache Poisoning
Every system has a Hosts file in its system directory. On Windows, this file resides at the following location:
C:\WINNT\system32\drivers\etc
Your computer also has a hidden system file called the Hosts file. This file can be used to hard-code domain name translations and direct you to a different site. Normally, if you try to visit www.citibank.com, your computer sends a request to a DNS server to find out the IP address of that domain name. After the name has been resolved, the request generated by your browser is forwarded to the Citibank web server. The file on your system looks like this:
Specimen of a normal Hosts file:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
However, on a system under such an attack, the Hosts file supersedes DNS records: an entry is added to the Hosts file with the domain name "citibank.com" and a different IP address, to which your computer can be redirected. Rather than being sent to the true Citibank server, your request will go to the address specified in the Hosts file.
Specimen of a Hosts file under a DNS poisoning attack:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
XX.XX.XX.XX Citibank.com
In the above example, XX.XX.XX.XX depicts the IP address of the hacker's server, which is hosting a fake login screen for the legitimate domain www.citibank.com. The victim thinks that he is passing his credentials to what he types as www.citibank.com in the browser bar. However, the attacker has already achieved his goal! Once again the victim remains uninformed.
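A defender can check for the Hosts-file override described above by parsing the file and reporting every active entry that is not a stock mapping. The following is an added example, not code from the original page; the function names, the watchlist, the `DEFAULT_ENTRIES` table and the sample file (with the documentation address 203.0.113.10 standing in for XX.XX.XX.XX) are assumptions made for illustration.

```python
import ipaddress

# Mappings a stock Hosts file is expected to contain (assumption of this example).
DEFAULT_ENTRIES = {"localhost": {"127.0.0.1", "::1"}}

# Constructed sample: 203.0.113.10 is a documentation address standing in for XX.XX.XX.XX.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    Citibank.com www.Citibank.com   # entry added by the attacker
10.0.0.5        fileserver
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping in Hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comments, split columns
        if len(fields) < 2:
            continue                                # blank, comment-only or incomplete
        for name in fields[1:]:                     # one IP may carry several names
            yield line_no, fields[0], name.lower().rstrip(".")

def audit_hosts(text, watchlist):
    """Return (line_no, hostname, ip, reason) for entries that override DNS."""
    watch = {d.lower() for d in watchlist}
    findings = []
    for line_no, ip, name in parse_hosts(text):
        try:
            addr = str(ipaddress.ip_address(ip))
        except ValueError:
            findings.append((line_no, name, ip, "malformed address"))
            continue
        if addr in DEFAULT_ENTRIES.get(name, ()):
            continue                                # stock entry, nothing to report
        if any(name == d or name.endswith("." + d) for d in watch):
            reason = "watched domain pinned locally"
        else:
            reason = "non-default static mapping"
        findings.append((line_no, name, addr, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, ["citibank.com"]):
        print(finding)
```

Host names are compared case-insensitively because the resolver ignores case, so the entry written as "Citibank.com" is still matched against the watchlist.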
http://www.contentverification.com/man-in-the-middle/index.html