Man in the middle (MITM) attacks are a common cyber security attack that allows attackers to eavesdrop on the communication between two targets. The attack occurs between two legitimately communicating hosts, allowing the attacker to “listen” to a conversation they should typically not be able to listen to, hence the name “man-in-the-middle.
Basically in the MITM hacker or attacker can take place between two targets that could be node in the network or could be two users that are communicating with each other, over the internet suppose they are sharing some private data or information together or sharing resources, or sending requests to the server to get some private or important information after successfully perform MITM attack hacker can steal their private data, And also can eavesdrop between requests and responses and can change that result. Also can steal your account passwords etc.
Man in the middle Attack tools
These tools are particularly efficient in LAN network environments because they implement extra functionalities, like the arp spoof capabilities that permit the interception of communication between hosts.
- Ettercap
- Dsniff
- Burp Suite
MITM Proxy-only tools
Proxy tools only permit interaction with the parts of the HTTP protocol, like the header and the body of a transaction, but do not have the capability to intercept the TCP connection between client and server. To intercept the communication, it’s necessary to use other network attack tools or configure the browser.
- OWASP WebScarab
- Paros Proxy
- Burp Proxy
- ProxyFuzz
- Odysseus Proxy
- Fiddler (by Microsoft)
- mitmproxy
