HACKING 17 Most Dangerous Hacking Attacks (2017)
Chapter 2 – Man in the Middle
Man in the middle indeed what the name implies, therefore someone would be sitting and listening to the source and the destination while traffic flow would be generated.
Additionally listening and capturing traffic, the man in the middle can copy and save all the traffic, then all that can be replayed and analyzed in more depth.
In Volume 2 I have explained in greater details the reasons why implementing and becoming a Man in the Middle is beneficial for Ethical Hackers as well Security Engineers, however, if you have not gone through that book yet, I would highly advise you to do so to get the most out of this book.
A quick recap on that subject was an example that you as Security Engineer might have to analyze a newly designed application, making sure it has no vulnerabilities that can be exploited before it would be used in a Production Environment.
I have explained by using BurpSuite could be an excellent option that would not only be used to implement a Man in the Middle attack but analyze packets in more depth. As I mentioned, BurpSuite can be one of the best software for the purpose of monitoring and understanding exactly how a new Application would behave once in use. To have BurpSuite functioning, the only method would be to become a Man in the Middle.
Once you are a Man in the Middle, you are becoming the Endpoint to both, the source as well to the destination. Monitoring traffic flow in an authorized manner is very common amongst Security Engineers. However, there is a dark side to it too that I will now begin to explain.
The reality is that once there is a Man in the Middle between your laptop and your router, you might never even find out. That’s scary. However, it’s the sad true. Man in the Middle attack can be implemented in many different ways, and I have explained and applied the three most common ways that hackers could use against victims in the Book:
Volume 2 – 17 must-have tools every Hacker should have
By someone listening to your traffic could mean that everything you type in the computer could be recorded and analyzed in depth. Everything means your usernames and passwords to all websites you would visit, of course, the list of all those sites you would visit, anything you download from the internet or able to access, including all your Bank Details, all your social networking details, e-mails, and the list goes on.
Your data is very much considered a highly valued information to hackers and they would try to leverage on it in multiple ways.
Black hat hackers can listen to your traffic flow in monitoring mode. However they would also try to redirect your traffic for affiliate frauds, so your wouldn’t get the response that you meant to be, and many people would just believe that thinks have changed with a particular website as they not seem to appear as they used to be.
That’s right; once a Black Hat hacker would have gained enough information from your browsing habits, and find it that you do visit eBay 5-10 times a day, the Hacker would try to use some template and manipulate you to visit a fake eBay website. Taking it further, the Hacker with evil intention would be trying thinks like you forgot to purchase an individual Item, the one that got stuck in your browsing history, of might have been learned from your browsing habits. Then the Hacker would try to make you pay for an item on a fake website, using PayPal or other paying methods used over the Internet. Once you would be presented with the payment link after you would type your details, it wouldn’t work.
If you already know the reason why then congratulations! The answer is indeed to steal your PayPal information by what you would type into the fake PayPal link.
This time you don’t make any payment, however, the Hackers would have logged all the information already that would be enough for them to make any other real Payments on other platforms, but believe it or not, this is happening all the time, day and night all over the word in every minute. So the cherry on the top is that these type of hackers wouldn’t use your information to purchase items or products on the internet. Instead, they would sell them in batches on the dark web for an average price of 10x Units of Credit Card Details + passwords for the mean price of $5.
Sure the price is not always same, and if these Man in the middle attacks were implemented on a large Company’s systems, Black Hats would have full access to financial purchases that the Company would frequently participate, and once they would identify that, they would raise the price of the Black Market. Typically they would ask for a price in worth of dollars. However, they would ask to get paid in Bitcoin to be untraceable. Therefore they never would be found.
Redirected traffic might results as an affiliate fraud, so they would begin to make you advertising certain websites by manipulating into seeing ads that you might be interested, and that’s where they would introduce some malware, such as spyware.
Injecting payload into existing traffic:
Additionally, Blackhat Hackers would be able to insert the particular payload into the flow by changing some of the details of the traffic, and this could be implemented in both ways.
Some of these injecting methods might be changing the source details telling the destination that the address of origin should be the Hackers laptop. Therefore they would receive the answer first. The other way to implement these techniques is not touching the source details. However the destination details would be analyzed and changed, so the end users or victims would receive a different web page and not the one that they have asked for in the first place.
This could happen in many forms too, and hackers could be sending back to the source a fake web page that would ask you to download a fake JAVA application that required to proceed to the internet page.
Another way might be that you could be receiving a message similarly to JAVA application but this time it would be ADOBE reader upgrade would be required to proceed to the web page. The issue is that recognizing the exact upgrade requirements and the fake ones are tough. Therefore you might do a test by asking someone else if they would visit the same web page what would be the outcome. In case it’s not the same, then you should be able to recognize that probably someone else is sitting between your computer and your destination.