Man in the Middle - Hacker's Playground

Shariq Malik

  • Shariq Malik Lahore Garrison University
  • Malik Lahore Garrison University
Keywords: Keywords: MitM (Man-in-the-Middle), Attack, Defense, PKI (Public Key Infrastructure), Security


There has been an increase in potential sources of threats to the security of information systems and data
of governments, companies and individuals in the present day, due to the growing number of
information systems types and devices, the expanding availability of freely-downloadable open source
tools, the degree of interconnectivity made possible by the internet, and the concentration of more selfhelp
power in the hands of individual end users. A numerically-insignificant number of the total
population of information systems end users is made up of black hat users who have caused significant
economic losses and reputational damages for organizations and governments through exploitation of
security vulnerabilities. One of the most common and widespread security threats is that of Man-in-the-
Middle (MitM), which has remained a major source of concern to security professionals for many years,
and continues to pose a threat to information security as the focus of attack continues to be data, and the
black hat users continue to look for new ways to circumvent security safeguards implemented for
existing technologies and countermeasures planned for new and emerging technologies. Many papers
have been written about Man-in-the-Middle attack, that have described different kinds of such attacks
and explained solutions to the attacks but not illustrated how the attack can be carried out and showed
how the risks arising from such attacks can be mitigated. This paper presents a step-by-step account of
one way in which MitM attack can be realized and how the confidentiality and integrity of data can be
prevented from being compromised through use of PKI (Public Key Infrastructure).