MAN IN THE MIDDLE (MITM) ATTACK

XcelToken Exchange
XcelPay Magazine
Published in
2 min readOct 9, 2019

A man-in-the-middle attack is a category of cyberattack where a malevolent actor inserts him/herself into a tête-à-tête between two parties, impersonates both parties and receives access to data that the two parties were trying to send to each other. A man-in-the-middle attack allows a malevolent actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late. Man-in-the-middle attacks can be abbreviated in many ways, including MITM, MitM, MiM or MIM.

Key Concepts of a Man In The Middle Attack

  1. Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems.
  2. A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data.
  3. Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant to be for them without either outside party knowing until it is too late.

Interactions that are susceptible to MITM Attack

  • Financial sites — between login and authentication
  • Connections meant to be secured by public or private keys
  • Other sites that require logins — where there is something to be gained by having access

Other Forms of Session Hijacking

Man-in-the-middle is a form of session hijacking. Other forms of session hijacking similar to man-in-the-middle are:

  1. Sidejacking — This attack involves sniffing data packets to steal session cookies and hijack a user’s session. These cookies can contain unencrypted login information, even if the site was secure.
  2. Evil Twin — This is a rogue Wi-Fi network that appears to be a legitimate network. When users unknowingly join the rogue network, the attacker can launch a man-in-the-middle attack, intercepting all data between you and the network.
  3. Sniffing — This involves a malicious actor using readily available software to intercept data being sent from, or to, your device.

--

--

XcelToken Exchange
XcelPay Magazine

The Most Trusted Bitcoin, Ethereum & Litecoin crypto exchange II Bitcoin exchange platform II Cryptocurrency trading platform II XcelToken Exchange