Skip main navigation

MiTM Attacks

Explore the concept of (Man in the Middle) MiTM attacks.
Woman standing between two digital representations of networks

This article explores the concept of Man in the Middle attacks (MiTM). An MiTM attack is essentially when a hacker sits between you and where you are going on your network. A traffic sniffing MiTM attack allows the hacker to capture network traffic.

There are different types of MiTM attack methods. In wireless networks, a hacker can set up a fake Wi-Fi hotspot. For example, I could set up a fake hotspot with the same name as the Starbucks Wi-Fi, and other customers could connect to my hotspot. Another trick a hacker could use is to launch a DOS attack on the real network and then throw out a hotspot with the same name. Customers think it is the Starbucks Wi-Fi and log into the hacker’s system. While the hacker gives them access to the internet, the hacker could either steal their credentials or redirect them to different websites.

Another example of a Wi-Fi MiTM attack would be when the hacker uses Ghost Phisher, which is still part of Kali Linux. This allows you to spoof any Wi-Fi hotspots you want, allowing you to act as an internet provider. Hackers can also use Wireshark. Wireshark is a packet capturing software and is very useful for network troubleshooting. However, a hacker could also use it for capturing network traffic that allows them access to user credentials.

MiTM attacks can also use a hardware attack method. You have already seen how physical attacks work, and you learned some devices can sit between your device and your system and log information. You have already learned about Key Croc, which sits between your keyboard and the computer capturing information. A hacker may place this device and use it in a MiTM attack. This device will capture everything you type, including your usernames and passwords.

All network users should be trained to increase awareness of these types of attacks and taught how to protect themselves and their devices. You should monitor your devices and lock them when you are not using them, and you should always be aware of any additional devices that are plugged into your machine that you did not authorize. You should also check the authenticity of any Wi-Fi hotspots before joining them, especially in places like coffee shops. You should always check the IP addresses or URLs of sites you are directed to – if the address looks similar but not completely correct, it may be a spoofed site. And finally, when you’re connecting over to the internet to any site, always make sure you’re using HTTPS. HTTP transmits your data in plain text, while HTTPS is a secure connection.

MiTM attacks allow hackers to get your login, your passwords, and other information, and to redirect your network activity. Make sure you understand how to prevent these attacks.

This article is from the free online

Advanced Cyber Security Training: Network Security

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education