SlideShare a Scribd company logo

MITM Attack Intercepts HTTP Traffic

Download as PPTX, PDF
Togis UAB Ltd
Togis UAB Ltd

A man-in-the-middle attack intercepts communications between two systems by compromising the connection, such as the TCP connection between an HTTP client and server. Tools like Wireshark and tcpdump can be used to perform a man-in-the-middle attack on HTTP traffic in a LAN network by analyzing packets at the deepest level. Wireshark is used in this scenario to attack vulnerabilities between network nodes.

1 of 15
Man-in-the-Middle Attack (HTTP)
 The man-in-the middle attack intercepts a communication between two systems.  For example, in an http transaction the target is the TCP connection between client and server.
 The MITM(http) attack is very effective because of the nature of the http protocol and data transfer which are all ASCII based.  There are several tools to realize a MITM attack(http). These tools are particularly efficient in LAN network environments.
 tcpdump and wireshark are the tools that can be used to attack the victims in the network nodes.  In this scenario is I am using Wireshark, to attack the vulnerability in between the network nods.  Wireshark is a powerful network protocol analyzer. It can go to the deepest level of packet inspection .
 CWE-318: Clear text Storage of Sensitive Information in Executable.  Summary: The application stores sensitive information in clear text in an executable. Extended Description : Attackers can reverse engineer binary code to obtain secret data. This is especially easy when the clear text is plain ASCII. Even if the information is encoded in a way that is not human readable, certain techniques could determine which encoding is being used, then decode the information.

Recommended

Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)Hemal Joshi
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptxPradeepKumar728006
 
Man In The Middle - Hacking Illustrated
Man In The Middle - Hacking IllustratedMan In The Middle - Hacking Illustrated
Man In The Middle - Hacking IllustratedInfoSec Institute
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Man in the middle
Man in the middleMan in the middle
Man in the middleAhmadThaqifAimanAhma
 
Phishing: tecniche e strategie di un fenomeno in evoluzione
Phishing: tecniche e strategie di un fenomeno in evoluzionePhishing: tecniche e strategie di un fenomeno in evoluzione
Phishing: tecniche e strategie di un fenomeno in evoluzioneAndrea Draghetti
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS AttacksJignesh Patel
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 

Recommended

Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)Hemal Joshi
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptxPradeepKumar728006
 
Man In The Middle - Hacking Illustrated
Man In The Middle - Hacking IllustratedMan In The Middle - Hacking Illustrated
Man In The Middle - Hacking IllustratedInfoSec Institute
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Man in the middle
Man in the middleMan in the middle
Man in the middleAhmadThaqifAimanAhma
 
Phishing: tecniche e strategie di un fenomeno in evoluzione
Phishing: tecniche e strategie di un fenomeno in evoluzionePhishing: tecniche e strategie di un fenomeno in evoluzione
Phishing: tecniche e strategie di un fenomeno in evoluzioneAndrea Draghetti
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS AttacksJignesh Patel
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Internet Security
Internet SecurityInternet Security
Internet SecurityPeter R. Egli
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacksHuda Seyam
 
Dmz
Dmz Dmz
Dmz أحلام انصارى
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 20208 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 2020SecPod Technologies
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)Gaurav Dalvi
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationgaurav96raj
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurationsStudent
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attackskrishh sivakrishna
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentationMahmoud Ibra
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introductionDr.Florence Dayana
 
Firewall basics
Firewall basicsFirewall basics
Firewall basicsFredrick Hall
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Data encryption
Data encryptionData encryption
Data encryptionDeepam Goyal
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingVi Tính Hoàng Nam
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slidesrahul kundu
 
I P S P O O F I N G
I P S P O O F I N GI P S P O O F I N G
I P S P O O F I N Gavinashkanchan
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffersKunal Thakur
 
Firewall ( Cyber Security)
Firewall ( Cyber Security)Firewall ( Cyber Security)
Firewall ( Cyber Security)Jainam Shah
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 
Man in the middle
Man in the middleMan in the middle
Man in the middleHéctor Romeero López
 
Analyzing Bitcoin Security
Analyzing Bitcoin SecurityAnalyzing Bitcoin Security
Analyzing Bitcoin SecurityPhilippe Camacho, Ph.D.
 

More Related Content

What's hot

WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacksHuda Seyam
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 20208 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 2020SecPod Technologies
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)Gaurav Dalvi
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationgaurav96raj
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurationsStudent
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentationMahmoud Ibra
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingVi Tính Hoàng Nam
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slidesrahul kundu
 
Firewall ( Cyber Security)
Firewall ( Cyber Security)Firewall ( Cyber Security)
Firewall ( Cyber Security)Jainam Shah
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 

What's hot (20)

Internet Security
Internet SecurityInternet Security
Internet Security
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacks
 
Dmz
Dmz Dmz
Dmz
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 20208 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 2020
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurations
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentation
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introduction
 
Firewall basics
Firewall basicsFirewall basics
Firewall basics
 
Network security
Network securityNetwork security
Network security
 
Data encryption
Data encryptionData encryption
Data encryption
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hacking
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
 
I P S P O O F I N G
I P S P O O F I N GI P S P O O F I N G
I P S P O O F I N G
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
 
Firewall ( Cyber Security)
Firewall ( Cyber Security)Firewall ( Cyber Security)
Firewall ( Cyber Security)
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 

Viewers also liked

Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
Introduction to Bitcoins and Cryptocurrency
Introduction to Bitcoins and CryptocurrencyIntroduction to Bitcoins and Cryptocurrency
Introduction to Bitcoins and CryptocurrencyUtkarsh Gupta
 
Botnet Detection Techniques
Botnet Detection TechniquesBotnet Detection Techniques
Botnet Detection TechniquesTeam Firefly
 
Bitcoin (Global Digital Currency)
Bitcoin (Global Digital Currency) Bitcoin (Global Digital Currency)
Bitcoin (Global Digital Currency) Paramkusa K
 
PSFK Presents the Future of Digital Safety & Security
PSFK Presents the Future of Digital Safety & SecurityPSFK Presents the Future of Digital Safety & Security
PSFK Presents the Future of Digital Safety & SecurityPSFK
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.pptAeman Khan
 
Cyber security
Cyber securityCyber security
Cyber securitySiblu28
 
Mobile-First SEO - The Marketers Edition #3XEDigital
Mobile-First SEO - The Marketers Edition #3XEDigitalMobile-First SEO - The Marketers Edition #3XEDigital
Mobile-First SEO - The Marketers Edition #3XEDigitalAleyda Solís
 

Viewers also liked (18)

Man in the middle
Man in the middleMan in the middle
Man in the middle
 
Analyzing Bitcoin Security
Analyzing Bitcoin SecurityAnalyzing Bitcoin Security
Analyzing Bitcoin Security
 
Arp spoofing slides
Arp spoofing slidesArp spoofing slides
Arp spoofing slides
 
MITM : man in the middle attack
MITM : man in the middle attackMITM : man in the middle attack
MITM : man in the middle attack
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
BotNet Attacks
BotNet AttacksBotNet Attacks
BotNet Attacks
 
man in the middle
man in the middleman in the middle
man in the middle
 
Introduction to Bitcoins and Cryptocurrency
Introduction to Bitcoins and CryptocurrencyIntroduction to Bitcoins and Cryptocurrency
Introduction to Bitcoins and Cryptocurrency
 
Botnet Detection Techniques
Botnet Detection TechniquesBotnet Detection Techniques
Botnet Detection Techniques
 
Ppt.1
Ppt.1Ppt.1
Ppt.1
 
Arp spoofing
Arp spoofingArp spoofing
Arp spoofing
 
Bitcoin technology
Bitcoin technologyBitcoin technology
Bitcoin technology
 
Bitcoin (Global Digital Currency)
Bitcoin (Global Digital Currency) Bitcoin (Global Digital Currency)
Bitcoin (Global Digital Currency)
 
PSFK Presents the Future of Digital Safety & Security
PSFK Presents the Future of Digital Safety & SecurityPSFK Presents the Future of Digital Safety & Security
PSFK Presents the Future of Digital Safety & Security
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 
Cyber-crime PPT
Cyber-crime PPTCyber-crime PPT
Cyber-crime PPT
 
Cyber security
Cyber securityCyber security
Cyber security
 
Mobile-First SEO - The Marketers Edition #3XEDigital
Mobile-First SEO - The Marketers Edition #3XEDigitalMobile-First SEO - The Marketers Edition #3XEDigital
Mobile-First SEO - The Marketers Edition #3XEDigital
 

Similar to MITM Attack Intercepts HTTP Traffic

Man in-the-middle attack(http)
Man in-the-middle attack(http)Man in-the-middle attack(http)
Man in-the-middle attack(http)Togis UAB Ltd
 
Hiding message from hacker using novel network techniques
Hiding message from hacker using novel network techniquesHiding message from hacker using novel network techniques
Hiding message from hacker using novel network techniquesPriyangaRajaram
 
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANAvoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANEditor IJCATR
 
Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.RAVI RAJ
 
Ijarcet vol-2-issue-4-1322-1329
Ijarcet vol-2-issue-4-1322-1329Ijarcet vol-2-issue-4-1322-1329
Ijarcet vol-2-issue-4-1322-1329Editor IJARCET
 
An Efficient privacy preserving for Mobile and Pervasive Computing
An Efficient privacy preserving for Mobile and Pervasive ComputingAn Efficient privacy preserving for Mobile and Pervasive Computing
An Efficient privacy preserving for Mobile and Pervasive Computinginventionjournals
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffingBhavya Chawla
 
A network behavior analysis method to detect this writes about a method to ...
A network behavior analysis method to detect this writes about a method to ...A network behavior analysis method to detect this writes about a method to ...
A network behavior analysis method to detect this writes about a method to ...Thang Nguyen
 
IOT Network architecture and Design.pptx
IOT Network architecture and Design.pptxIOT Network architecture and Design.pptx
IOT Network architecture and Design.pptxMeghaShree665225
 
A Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of ThingsA Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of ThingsIJERD Editor
 
internet architecture.pdf
internet architecture.pdfinternet architecture.pdf
internet architecture.pdfqhawengcongo
 
Network traceability
Network traceabilityNetwork traceability
Network traceabilityslaprojectkn
 
Module 7 (sniffers)
Module 7 (sniffers)Module 7 (sniffers)
Module 7 (sniffers)Wail Hassan
 
Internet of things(iot)
Internet of things(iot)Internet of things(iot)
Internet of things(iot)Rakesh Gupta
 

Similar to MITM Attack Intercepts HTTP Traffic (20)

Man in-the-middle attack(http)
Man in-the-middle attack(http)Man in-the-middle attack(http)
Man in-the-middle attack(http)
 
Hiding message from hacker using novel network techniques
Hiding message from hacker using novel network techniquesHiding message from hacker using novel network techniques
Hiding message from hacker using novel network techniques
 
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANAvoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
 
Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.
 
G011123539
G011123539G011123539
G011123539
 
Ijarcet vol-2-issue-4-1322-1329
Ijarcet vol-2-issue-4-1322-1329Ijarcet vol-2-issue-4-1322-1329
Ijarcet vol-2-issue-4-1322-1329
 
An Efficient privacy preserving for Mobile and Pervasive Computing
An Efficient privacy preserving for Mobile and Pervasive ComputingAn Efficient privacy preserving for Mobile and Pervasive Computing
An Efficient privacy preserving for Mobile and Pervasive Computing
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
 
Firewall configuration
Firewall configurationFirewall configuration
Firewall configuration
 
Mitm
MitmMitm
Mitm
 
A network behavior analysis method to detect this writes about a method to ...
A network behavior analysis method to detect this writes about a method to ...A network behavior analysis method to detect this writes about a method to ...
A network behavior analysis method to detect this writes about a method to ...
 
IOT Network architecture and Design.pptx
IOT Network architecture and Design.pptxIOT Network architecture and Design.pptx
IOT Network architecture and Design.pptx
 
COMPARATIVE STUDY BETWEEN VARIOUS PROTOCOLS USED IN INTERNET OF THING
COMPARATIVE STUDY BETWEEN VARIOUS PROTOCOLS USED IN INTERNET OF THINGCOMPARATIVE STUDY BETWEEN VARIOUS PROTOCOLS USED IN INTERNET OF THING
COMPARATIVE STUDY BETWEEN VARIOUS PROTOCOLS USED IN INTERNET OF THING
 
A Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of ThingsA Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of Things
 
IoT.pdf
IoT.pdfIoT.pdf
IoT.pdf
 
internet architecture.pdf
internet architecture.pdfinternet architecture.pdf
internet architecture.pdf
 
Network traceability
Network traceabilityNetwork traceability
Network traceability
 
Module 7 (sniffers)
Module 7 (sniffers)Module 7 (sniffers)
Module 7 (sniffers)
 
Internet of things(iot)
Internet of things(iot)Internet of things(iot)
Internet of things(iot)
 
Module 2.pdf
Module 2.pdfModule 2.pdf
Module 2.pdf
 

MITM Attack Intercepts HTTP Traffic

  • 2.  The man-in-the middle attack intercepts a communication between two systems.  For example, in an http transaction the target is the TCP connection between client and server.
  • 3.  The MITM(http) attack is very effective because of the nature of the http protocol and data transfer which are all ASCII based.  There are several tools to realize a MITM attack(http). These tools are particularly efficient in LAN network environments.
  • 4.  tcpdump and wireshark are the tools that can be used to attack the victims in the network nodes.  In this scenario is I am using Wireshark, to attack the vulnerability in between the network nods.  Wireshark is a powerful network protocol analyzer. It can go to the deepest level of packet inspection .
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.  CWE-318: Clear text Storage of Sensitive Information in Executable.  Summary: The application stores sensitive information in clear text in an executable. Extended Description : Attackers can reverse engineer binary code to obtain secret data. This is especially easy when the clear text is plain ASCII. Even if the information is encoded in a way that is not human readable, certain techniques could determine which encoding is being used, then decode the information.