Man in the Middle, classic but still relevant.
What is MITM? How is it achieved? What impact does it have?
Find out about MITM in this presentation (Jakarta, 25/07/2020)
2. Hi!
I am Satria Ady Pradana
◎ Cyber Security Consultant at Mitra Integrasi Informatika
◎ Community Leader of Reversing.ID
◎ R&D Member of Indonesia Honeynet Project
◎ Researcher
xathrya
@xathrya
Reversing.ID
Revealing the Truth through Breaking Things
https://xathrya.id
3. Man in the Middle (MITM)
Also known as:
1. Bucket-Brigade Attack
2. Eavesdropping
MITM: TALES OF TRUST AND BETRAYAL 3
4. Man in the Middle (MITM)
1. Eavesdropping.
2. Positioning oneself between two communicating parties.
3. Able to monitor, relay, and possibly alter the messages.
4. (Usually) tricking each party by impersonating the other side of the communication.
Using, or acting as, a proxy in the middle ground.
5. Man in the Middle (MITM)
Derived from the basketball scenario.
Two players intend to pass a ball to each other while one player between them tries to seize it.
6. Who Uses MITM?
1. Hackers, attacking people in the vicinity, to sniff or steal data.
2. Security researchers, targeting their own hardware or application, to learn its behavior.
7. Impact
In most cases:
1. Credentials stolen.
2. Activity monitored.
3. Messages tampered with.
9. MITM: Types
Based on Interactions
1. Passive
2. Active
Based on Level of Proximity
1. Application Level
2. Network Level
3. Hardware Level
Based on Attacks
1. Rogue Access Point
2. Identity Spoofing
10. MITM: Passive
1. Quietly monitor messages.
2. Capturing information in transit without modifying any part of it in any way.
3. Modifying the infrastructure, not the target.
11. Network Tapping
1. Introduce a middle point in the communication line.
2. Copy the messages in traffic.
3. No transit, no control of the flow.
12. Port Mirroring
Also known as SPAN (Switched Port Analyzer).
Feature of most enterprise-class switches (managed switches).
Forwards inbound/outbound traffic of a specific port to another port.
13. MITM: Active
1. Periodically send requests.
2. Modify application or machine behavior to redirect messages.
3. Force requests to transit through a proxy, unbeknownst to the communicating parties.
14. Application-Level MITM
1. Application to application communication.
2. Intercomponent communication.
3. Altering application behavior.
4. Hooking functions.
Example classes:
1. Man in The Browser
15. Network Level MITM
Host to host communication.
Techniques:
1. Rogue Access Point
2. ARP Spoofing
3. DNS Spoofing
4. DHCP Spoofing
16. Rogue Access Point
1. Pretend to be a legitimate access point.
2. Trick nearby devices into joining.
17. ARP Spoofing
1. Address Resolution Protocol
   1. Converts / maps an IP address into a physical address (MAC).
   2. Switches know MAC addresses, routers know IP addresses.
2. Send packets to modify the ARP cache table.
   1. Usually the attacker poses as the gateway.
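Added example (not part of the original slides): a defender-side check for the ARP cache modification described above. It reads observed ARP replies and flags an IP address whose MAC changes, labelling the gateway case separately; the sample replies, addresses and function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) as seen in ARP replies.
SAMPLE_ARP_REPLIES = [
    (0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway with its real MAC
    (1, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (5, "192.168.1.30", "aa:aa:aa:aa:aa:30"),
    (9, "192.168.1.1", "aa:aa:aa:aa:aa:30"),   # gateway IP now claimed by .30's MAC
    (10, "192.168.1.1", "aa:aa:aa:aa:aa:30"),  # repeated claim, no new alert
    (12, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
]


def detect_arp_anomalies(replies, gateway_ip=None):
    """Return alerts for IP-to-MAC bindings that change or collide.

    A rebind can be legitimate (replaced NIC, reused DHCP lease, gateway
    failover), so alerts are leads to verify, not verdicts.
    """
    bindings = {}                     # IP -> MAC last seen for it
    ips_by_mac = defaultdict(set)     # MAC -> every IP it has claimed
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = bindings.get(ip)
        if previous is not None and previous != mac:
            alerts.append({
                "time": ts,
                "kind": "gateway-rebind" if ip == gateway_ip else "rebind",
                "ip": ip, "old_mac": previous, "new_mac": mac,
            })
        bindings[ip] = mac
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                alerts.append({
                    "time": ts, "kind": "mac-claims-multiple-ips",
                    "mac": mac, "ips": sorted(ips_by_mac[mac]),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_ARP_REPLIES, gateway_ip="192.168.1.1"):
        print(alert)
```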
18. DNS Spoofing
1. Domain Name System
   1. Converts a domain name to an IP address.
   2. Machines use IP addresses fluently, humans remember words better.
2. Send packets to corrupt and modify DNS cache information.
3. Usually by sniffing the ID of a DNS request and replying before the real DNS server does.
19. DHCP Spoofing
1. Dynamic Host Configuration Protocol
   1. Sets up the host's IP address, gateway, DNS server, and subnet dynamically.
2. Give the desired configuration to the victim.
3. DHCP requests are made in broadcast mode.
4. Reply to the machine's DHCP requests before the real DHCP server answers.
   1. IP address of victim.
   2. Gateway address assigned to
20. Hardware-Level MITM
1. Targeting contactless devices (proximity cards, RFID, NFC, etc.).
2. Commonly used to relay and replay messages.