Litcius/Paper detail

Revisiting man-in-the-middle attacks against HTTPS

Vyron Kampourakis, Georgios Kambourakis, Efstratios Chatzoglou, Christos Zaroliagis

2022Network Security22 citationsDOIOpen Access PDF

Abstract

A man-in-the-middle (MitM) attack enables threat actors to position themselves in a conversation between two parties. It can be used to eavesdrop on, or impersonate, either of the parties and may enable the perpetrator to steal personal information, including login credentials, payment card data and account details. By leveraging the hijacked information, the attacker can perform an unsanctioned password change, commit identity theft, authorise money transfers, and so on. This article re-examines MitM against HTTPS by both briefly referring to its constituents and assessing its feasibility on modern browsers. We show that under certain circumstances, specific variations of MitM can be effective on all mainstream browsers using cheap, pocket-sized hardware, open-source software and a script-kiddie level of understanding.

Topics & Concepts

Man-in-the-middle attackCommitComputer securityComputer sciencePasswordInternet privacyPaymentLoginIdentity theftAuthentication (law)World Wide WebDatabaseUser Authentication and Security SystemsPrivacy, Security, and Data ProtectionInternet Traffic Analysis and Secure E-voting
Revisiting man-in-the-middle attacks against HTTPS | Litcius