Man-in-the-middle attack
Description
The man-in-the middle attack intercepts a communication between two systems. For example, in an http transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into 2 new connections, one between the client and the attacker and the other between the attacker and the server, as shown in figure 1. Once the TCP connection is intercepted, the attacker acts as a proxy, being able to read, insert and modify the data in the intercepted communication.
Figure 1. Illustration of man-in-the-middle attack
ARP Poisoning :-
Address Resolution Protocol (ARP) spoofing, also known as ARP flooding, ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network. ARP Spoofing may allow an attacker to sniff data frames on a local area network (LAN), .
Through this attack An Attacker can compromise victim machine & hack facebook,gmail,yahoo etc password through online sessions even on Https ie ssl encryption without any certificate error .
Through this attack An Attacker can compromise victim machine & hack facebook,gmail,yahoo etc password through online sessions even on Https ie ssl encryption without any certificate error .
i will use backtrack 5 to show you how to perform this attack with ssl encryption bypass on Lan computers
wait for my next video tutorial:)
What is a " Man in the middle attack"?