In this article I’m going to explain theory, prevention, some practical attacks and forensics related to the Man in the Middle (MitM) attacks to help you understand the risk to your privacy. Those are attacks used to eavesdrop your communication by having access to at least one part of the communication protocol.
Example, Alice sends a letter to Bob and uses Lucifer to deliver it, Lucifer has the MitM position which gives him the ability to read and change the message. Safety of the communication protocol depends Lucifer’s trustworthiness.
Understanding how internet works:
To understand MitM attacks on internet connection, first you have to learn how the internet works in it’s basic form. Three types of devices are used: clients, routers and servers. The most common protocol for client – server communication is Hypertext Transfer Protocol (HTTP). Majority of web browsing, emails, instant messaging etc. is implemented through HTTP.
When you type http://www.deepdotweb.com to your browser, client (you) sends a request for the webpage to the server. The packet (HTTP GET request) is forwarded through several routers to the server. The server then responds with a webpage that gets routed back to client where it is rendered on their screen. It is vital for HTTP messages to be transmitted in a secure manner to ensure privacy and anonymity.
Securing communication protocol:
Secure communication protocol must have each of the following properties:
- Privacy – only the intended receiver is able to read the message
- Authenticity – the identity of communicating parties is proven
- Integrity – confirmation that the message has not been changed in transit
If any one this fails – the whole protocol fails!
Man in the Middle attack on HTTP
In computer networking, the attacker can easily gain MitM position using a technique called ARP spoofing. Anyone on your Wi-Fi can send you spoofed ARP packets and you will unknowingly start sending all your traffic through the attacker instead of the router.
The attacker can then sniff, modify or stop all the traffic. He usually wants you to continue browsing so he will setup a specific port which he will use to forward your requests back and forth.
To prevent such attacks, secure version of HTTP protocol was created. Transport Layer Security (TLS) and it’s predecessor, Secure Socket Layer (SSL) are cryptographic protocols that provide communications security over the network. Both are frequently referred to as SSL and that’s what I will call it; HTTPS means HTTP protocol implemented through SSL. You can instruct your browser to use SSL by requesting https://www.deepdotweb.com (notice the ‘s’ in https).
Man in the Middle attack on poorly implemented SSL
Modern SSL uses good encryption algorithm, but it means nothing if implemented incorrectly. Since the attacker can change the request he is intercepting, he can easily remove ‘s’ from the requested URL which allows the attacker to prevent SSL from ever being used.
You can notice that your connection is being intercepted. If you request https://login.yahoo.com/ and the response is http://login.yahoo.com/ you should get suspicious. This simple attack really works on yahoo email login server at the time of writing.
To prevent this version of attack, servers can implement HTTP Strict Transport Security (HSTS) which simply forces all connections to go through SSL. If the attacker strips ‘s’ in this version, server will not respond with a webpage, but with 302 redirect to protected version (SSL).
This way of implementing SSL is vulnerable to another practical attack – the attacker creates SSL connection to the server, but tricks user into using HTTP.
To prevent such attacks, modern browsers such as Chrome, Firefox and Tor keep track of websites that use HSTS and force SSL connection to them from the client side. Now, the man in the middle has to create SSL connection to the victim. If the attacker has no access to the victim’s browser, MitM has to act as a server in SSL protocol (which is not easy to achieve):
To provide SSL connection to the victim, attacker has to know how to act as a server so let’s dig into technicalities of SSL.
Let’s take a look through hacker’s eyes. Compromising any communication protocol comes down to attacking the weakest link of mentioned three properties (privacy, integrity and authenticity).
SSL uses asymmetric encryption algorithm as opposed to symmetric. In symmetric encryption, same key is used to encrypt and decrypt the data. This is bad for internet protocols because the attacker can always sniff the key during handshake (part where communicating parties choose the key).
Asymmetric encryption involves 2 keys for each participant: public key used for encrypting and corresponding private key used for decrypting data. All you have to do is tell everyone to use your public key and everyone can send an encrypted message only you will be able to decrypt.
How SSL provides the three properties needed for secure communication?
- The connection is private because asymmetric cryptography is used to encrypt the data transmitted. This encryption is not something an average Joe can break so an attacker cannot modify the communications without being detected – integrity.
- Server authenticates itself to the client by sending SSL Certificate signed by Certificate Authority (CA) – a trusted third party. Certificates rely on the fact that only the valid server will have the private key.
If the attacker somehow gets the certificate, he can gain MitM position. Attacker will create 2 SSL connections: one with the server and one with the victim. Server thinks he’s normal client and the victim has no way of detecting the attacker because he provided a certificate ‘proving’ that he is the server.
Your messages are end-to-end encrypted, except on the attacker’s computer where he has full control! This can also improve mentioned attacks because there is no missing ‘s’.
If everything is implemented correctly, the attacker’s best shot lies in manipulating certificates.
A certificate doesn’t have to be forged if the attacker compromises the victim’s browser. In that case he can insert a self-signed certificate to be trusted by default. That’s how the most MitM attacks are done. In other cases, the attacker has to take a bigger challenge – forging a certificate.
Problems with Certificate Authorities
Certificates the server sends to you are issued and signed by Certificate Authorities. Each browser has the list of trusted CAs and you can add or remove any. The problem here is that if you choose to remove for example 3rd biggest authority, you can’t visit any sites that use their certificates because of HSTS or risk of MitM attack.
Certificates and CAs have always been the weakest link of HTTPS connection. Even if everything was implemented correctly and every CA is hackerproof, I still can’t get over the fact that I have to trust some set of people.
Today, that set of people are 650+ organizations capable of issuing certificates – a number I’m sure many of us are not okay with. If any of those get hacked, attacker will get himself all certificates he desires.
Even when there was a single CA, VeriSign, there was an absurd problem – those people that we are supposed to trust to prevent MitM attacks on internet communication – were selling intercept services.
Many certificates were created by hacking CAs on so many levels. Countless exploits have been used to trick the victim in trusting fraudulent certificates. If you are interested in this topic I recommend you to watch Moxie Marlinspike’s talks at DEFCON about it.
Because attacker is sending spoofed ARP packets, you will not see his IP address anywhere, but you should look for MAC address which is specific for each piece of hardware on the network. If you know your router MAC you can compare it with the MAC address of your default gateway to see if it is truly your router.
When you don’t know the router MAC address, you can still notice the attack if you have been monitoring (or logging) the network activity while the attack started. You can use Wireshark to monitor and log the network activity.
Note: if the attacker correctly spoofs the MAC address, there is no way to discover him from victim’s point of view.
SSL is a good protocol because it forces an attacker to do a lot of work forging a certificate if he wants to sniff on your confidential data, but it doesn’t guard you from state-sponsored attacks or skilled hacking organizations.