What is MITM? Types of MITM

A Man-in-the-Middle (MITM) attack takes place when a hacker places themselves between a user and a website. This type of attack takes different forms. For example, a fake banking website may be used to capture login information; this fake site is “in the middle” between the user and the original bank website. Hackers can carry out MITM attacks in many ways, but their main motive is to steal something, such as credit card numbers or user login credentials.


One thing that almost all of these attacks have in common is the hacker pretending to be someone (or a website) you can trust.

Types of Man-in-the-Middle Attacks

1. Wi-Fi Eavesdropping

2. Email Hijacking

3. IP Spoofing Attacks

4. DNS Spoofing

5. HTTPS Spoofing

6. SSL Stripping

7. Session Hijacking

8. ARP Spoofing

 

Wi-Fi Eavesdropping

Wi-Fi eavesdropping is a direct process in which hackers set up a phony free network. The unsecured transmission of data allows for the theft of anything that’s unencrypted, from passwords to information (both personal and business-related). Users who log in to the spoofed network are subject to the same potential theft of data. Finally, it can also occur if hackers are able to gain password access to a protected network.


A Wi-Fi eavesdropping attack happens when a hacker creates their own Wi-Fi hotspot with a name such as “Free Wifi.” The hacker makes the connection look like the authentic one, down to the network ID and passwords. Users may accidentally (or automatically) connect to the “Free Wifi,” allowing the hacker to snoop on their activity.

Email Hijacking

A hacker compromises a user’s email account and silently waits, gathering information and eavesdropping on the email conversations. They may run a search script that looks for specific keywords, like “bank” or “Transactions.”


Email hijacking works well with social engineering. An attacker might use information from a hacked email account to impersonate an online friend.

IP Spoofing Attacks

In IP spoofing, hackers impersonate the IP address of an authorized device. To the network, the device looks like it’s approved.


This can allow an unauthorized user to infiltrate a network. IP spoofing can also be used in a MITM attack by standing between two systems.

DNS Spoofing

A hacker can create a fake DNS server; this is called “spoofing.” The fake server routes a real website name to a fake or different IP address. The attacker can create a phishing website at the new IP address that looks just like the genuine website. Once you open the phishing website, the attacker can gain access to sensitive information and personal data.


HTTPS Spoofing

A common method of attack is HTTPS spoofing, in which an attacker uses a domain that looks similar to the target website. This is also known as a “homograph attack”: characters in the target domain are replaced with non-ASCII characters that are very similar in appearance. The user is very unlikely to notice the difference and is reassured by the browser’s secure connection indication.

For example, “Apple” might be spelled with look-alike characters from another alphabet in place of the Latin letters.
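A defensive check for the look-alike domains described above, as an added example that is not part of the original article: it decodes punycode labels, folds look-alike characters to Latin and compares the result against a watch list, and flags labels that mix scripts. The CONFUSABLES table, the PROTECTED list and the sample hostnames are constructed assumptions.

```python
import unicodedata

# Constructed, deliberately small look-alike table (Cyrillic/Greek -> Latin).
# A production check would use the full Unicode confusables data instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u03bf": "o", "\u03b1": "a",
}

# Hypothetical watch list of domains the defender wants to protect.
PROTECTED = {"apple.com", "example-bank.com"}


def to_unicode(hostname):
    """Decode punycode (xn--) labels so the real characters are visible."""
    labels = []
    for label in hostname.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def scripts(text):
    """Return the scripts of the letters in text, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}


def check_domain(hostname):
    """Classify a hostname as 'ok', 'mixed-script' or 'lookalike:<domain>'."""
    name = to_unicode(hostname)
    if name in PROTECTED:
        return "ok"
    # Fold look-alike characters to Latin and compare with the watch list.
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in name)
    if skeleton in PROTECTED:
        return "lookalike:" + skeleton
    # A single label that mixes alphabets is suspicious on its own.
    if any(len(scripts(label)) > 1 for label in name.split(".")):
        return "mixed-script"
    return "ok"


if __name__ == "__main__":
    # Constructed samples: plain Latin, Cyrillic "a" + Latin, its punycode form.
    for host in ["apple.com", "\u0430pple.com", "xn--pple-43d.com"]:
        print(ascii(host), "->", check_domain(host))
```

A domain written entirely in one non-Latin script is reported as ok unless its folded form matches the watch list, so legitimate internationalized names are not flagged.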


SSL Stripping

SSL stands for Secure Sockets Layer. SSL is the encryption protocol in use when you see https:// in front of a web address, not http://. With SSL stripping, the hacker intercepts and forwards traffic from a user. The hacker connects to the encrypted site on behalf of the user and creates a duplicate website to display to the user. The user thinks they are logged in to the original website, but it’s actually a fake one. The hacker has “stripped” the SSL protocol out of the user’s network connection.


Session Hijacking

This type of Man-in-the-Middle attack is used to compromise social media accounts. The website stores a “session browser cookie” on the user’s machine. This cookie is invalidated when the user logs off. But while the session is active, the cookie provides identity, access, and tracking information.

Session hijacking is an attack where a user session is taken over by an attacker. The session starts when you log into a service. The attack relies on the attacker’s knowledge of the session cookie, so it is also called cookie hijacking or cookie side-jacking.


ARP cache poisoning

ARP stands for Address Resolution Protocol.


A user sends out an ARP request, and a hacker sends a fake reply. In this case, the hacker is pretending to be a device like a router, which allows them to intercept traffic. This is typically limited to local area networks (LAN) which use the ARP protocol.
