9. MITM via Proxy Example
Now your associate does his online banking, and you sit in the middle and watch him do it, capture his username and password, and alter the information he is transacting. Most importantly, when he decides to log out of the bank, you give him a "bye-bye" message but actually keep the link between your computer and the bank's server open, so you can keep accessing his account.
This is a serious attack.
There are two products - again freely available - that allow you to demonstrate this behavior: ACHILLES and BURP proxy software.

Above is the BURP user interface.
You will see that the proxy program, mimicking the MITM, receives your browser's request for an Internet page.

When you choose to forward that page, the result is again returned to the proxy.
As a simple example, set up your proxy in your browser options screen. Now all traffic will travel through your proxy software. In the browser, go to Google. In the search screen, type "achilles proxy" and submit.

You will see the HTTP request show up in the proxy.

In the intercept tab, look for the word "achilles".

Change that word to "burp".
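The edit made in the intercept tab, modeled on a raw request as an added example (not part of the original page or of either proxy product): the rewritten request is still well-formed, because plain HTTP carries no integrity check, so only a side-by-side comparison of what left the browser and what reached the server shows the change. The captured request, its `hl` parameter, and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample: the search request as the browser hands it to the proxy
# (absolute-form target, as used when a browser talks to an HTTP proxy).
CAPTURED = (
    b"GET http://www.google.com/search?q=achilles+proxy&hl=en HTTP/1.1\r\n"
    b"Host: www.google.com\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"\r\n"
)

def edit_query_word(raw: bytes, old: str, new: str) -> bytes:
    """Replace one word in the query parameter values of a raw HTTP request."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    parts = urlsplit(target)
    # Decode the query, edit the values, and re-encode so the request stays valid.
    params = [(k, v.replace(old, new))
              for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    target = urlunsplit(parts._replace(query=urlencode(params)))
    lines[0] = f"{method} {target} {version}"
    return "\r\n".join(lines).encode("iso-8859-1") + sep + body

def differences(sent: bytes, received: bytes) -> list[str]:
    """Name the parts that differ between the request as sent and as received."""
    def split(raw: bytes):
        head, _, body = raw.partition(b"\r\n\r\n")
        first, *headers = head.split(b"\r\n")
        return first, headers, body
    names = ("request-line", "headers", "body")
    return [n for n, a, b in zip(names, split(sent), split(received)) if a != b]

if __name__ == "__main__":
    forwarded = edit_query_word(CAPTURED, "achilles", "burp")
    print(forwarded.decode("iso-8859-1"))
    print("changed in transit:", differences(CAPTURED, forwarded))
```

In a lab, feeding `differences` the browser-side and server-side logs of the same request is a quick way to confirm whether anything between the two endpoints rewrote it.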
