Evil twin and man-in-the-middle attack II
Man-in-the-middle attacks are not a new concept. However, they were not viewed as a serious threat until recent years where sophisticated versions of such attacks sent the financial industry into a flurry, introducing new initiatives such as new bank tokens to counter the onslaught of such attacks....
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
2013
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/10356/52803 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-52803 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-528032023-03-03T20:48:59Z Evil twin and man-in-the-middle attack II Loh, Jing Lun. Leong Peng Chor School of Computer Engineering DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks Man-in-the-middle attacks are not a new concept. However, they were not viewed as a serious threat until recent years where sophisticated versions of such attacks sent the financial industry into a flurry, introducing new initiatives such as new bank tokens to counter the onslaught of such attacks. This project aims to design and execute proof of concept Man-in-the-middle attacks using free ware available over the Internet to showcase inherent vulnerabilities in WI-FI networks that can be exploited. Through these experiments, it can be shown that careless users and users that are less aware of security issues of the Internet can be compromised through such exploits. In this project, a Man-in-the-middle machine is set up in between a legitimate access point and victim devices and the communication streams between them were monitored and analysed for sensitive information like passwords and login information. Contrary to popular belief that HTTPS communications are secure, part one of this project focuses on proving that HTTPS connections can be compromised, by targeting the transition from HTTP to HTTPS. Part two of the project showcases the possibility of a driveby attack through the use of a phishing website in a Man-in-the-middle setup, whereby an illegal download is loaded onto a victim machine without consent. The outcomes of the experiments show that Man-in-the-middle attacks are still relevant and can be easily propagated in today’s society. It also gives a brief glimpse into modern web browsers’ defense mechanism, especially on mobile devices, where security features are small and easily forgotten by careless users. Even though Man-in-the-middle attacks are devastating, a silver lining remains. It is possible to mitigate the dire consequences these threats cause through educating the public to be more aware of web security. Bachelor of Engineering (Computer Engineering) 2013-05-27T07:47:33Z 2013-05-27T07:47:33Z 2013 2013 Final Year Project (FYP) http://hdl.handle.net/10356/52803 en Nanyang Technological University 128 p. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks |
| spellingShingle |
DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks Loh, Jing Lun. Evil twin and man-in-the-middle attack II |
| description |
Man-in-the-middle attacks are not a new concept. However, they were not viewed as a serious threat until recent years where sophisticated versions of such attacks sent the financial industry into a flurry, introducing new initiatives such as new bank tokens to counter the onslaught of such attacks.
This project aims to design and execute proof of concept Man-in-the-middle attacks using free ware available over the Internet to showcase inherent vulnerabilities in WI-FI networks that can be exploited. Through these experiments, it can be shown that careless users and users that are less aware of security issues of the Internet can be compromised through such exploits.
In this project, a Man-in-the-middle machine is set up in between a legitimate access point and victim devices and the communication streams between them were monitored and analysed for sensitive information like passwords and login information. Contrary to popular belief that HTTPS communications are secure, part one of this project focuses on proving that HTTPS connections can be compromised, by targeting the transition from HTTP to HTTPS. Part two of the project showcases the possibility of a driveby attack through the use of a phishing website in a Man-in-the-middle setup, whereby an illegal download is loaded onto a victim machine without consent.
The outcomes of the experiments show that Man-in-the-middle attacks are still relevant and can be easily propagated in today’s society. It also gives a brief glimpse into modern web browsers’ defense mechanism, especially on mobile devices, where security features are small and easily forgotten by careless users.
Even though Man-in-the-middle attacks are devastating, a silver lining remains. It is possible to mitigate the dire consequences these threats cause through educating the public to be more aware of web security. |
| author2 |
Leong Peng Chor |
| author_facet |
Leong Peng Chor Loh, Jing Lun. |
| format |
Final Year Project |
| author |
Loh, Jing Lun. |
| author_sort |
Loh, Jing Lun. |
| title |
Evil twin and man-in-the-middle attack II |
| title_short |
Evil twin and man-in-the-middle attack II |
| title_full |
Evil twin and man-in-the-middle attack II |
| title_fullStr |
Evil twin and man-in-the-middle attack II |
| title_full_unstemmed |
Evil twin and man-in-the-middle attack II |
| title_sort |
evil twin and man-in-the-middle attack ii |
| publishDate |
2013 |
| url |
http://hdl.handle.net/10356/52803 |
| _version_ |
1759855240804302848 |