Man-in-the-middle attack:

Man-in-the-middle attack:

Sadaf Muhammed Sadaf Muhammed

Sadaf Muhammed

Self taught MERN stack developer, Specialist in Rest API Node js React js Mongodb Firebase Express js Postgresql HTML CSS Bootstrap Ajax Javascript AWS and DigitalOcean Cloud

发布日期: 2024年3月20日
+ 关注
Man-in-the-middle attack: When an attacker can sit and observe or modify the content of a private conversation

There are so many points where a man-in-the-middle attack can take place:

  • Starts with a device (PC, tablet, mobile, IoT, etc)
  • In a typical request, that data is sent through as an HTTP request to a WAP (wireless access point) router
  • The router then sends that data out over external infrastructure
  • ISP → Internet service provider which facilitates internet connectivity
  • ISP then sends a request out to all over the world (as the destination server could literally be anywhere)
  • The request then lands on the destination server
  • Then response gets sent back via all these nodes before it reaches the user device

If we have traffic where authenticity, integrity, or confidentiality is important, then we should always send that via an HTTPS connection. Anytime we send via an HTTP connection, we should automatically assume it can be observed by an attacker.

要查看或添加评论,请登录

Sadaf Muhammed的更多文章

  • Three primary scopes of testing in penetration testing
    2025年1月26日

    Three primary scopes of testing in penetration testing

    simplified explanation of the three primary scopes of testing in penetration testing: 1. Black-Box Testing What it is:…

  • Penetration test
    2025年1月26日

    Penetration test

    The battle of legality and ethics in cybersecurity, let alone penetration testing is always controversial. Labels like…

  • finding and exploiting an unsed API endpoint in lab
    2024年7月16日

    finding and exploiting an unsed API endpoint in lab

  • Transport Layer Protection (TLP)
    2024年3月20日

    Transport Layer Protection (TLP)

    It seems like you're referring to "Transport Layer Protection" (TLP) as an acronym. However, TLP commonly stands for…

  • Persisting authentication state via cookies
    2024年3月20日

    Persisting authentication state via cookies

    HTTPS is a stateless protocol → Uses unique auth cookies instead Risk of sending cookies over insecure connections…

  • How to write an Effective Bug Report
    2024年3月16日

    How to write an Effective Bug Report

    Writing an effective bug report is crucial for efficient communication between testers and developers. A well-crafted…

  • Exploiting XXE via image file upload
    2024年2月14日

    Exploiting XXE via image file upload

    XXE (XML External Entity) vulnerabilities typically arise when an application parses XML input from an untrusted source…

  • What is XML external entity injection?
    2024年2月13日

    What is XML external entity injection?

    What is XML external entity injection? XML external entity injection (also known as XXE) is a web security…

  • XXE ATTACKS TYPES
    2024年2月13日

    XXE ATTACKS TYPES

    What are the types of XXE attacks? There are various types of XXE attacks: Exploiting XXE to retrieve files, where an…

社区洞察

其他会员也浏览了