查看文章

A man-in-the-middle (MitM) attack enables threat actors to position themselves in a conversation between two parties. It can be used to eavesdrop on, or impersonate, either of the parties and may enable the perpetrator to steal personal information, including login credentials, payment card data and account details. By leveraging the hijacked information, the attacker can perform an unsanctioned password change, commit identity theft, authorise money transfers, and so on. This article re-examines MitM against HTTPS by both briefly referring to its constituents and assessing its feasibility on modern browsers. We show that under certain circumstances, specific variations of MitM can be effective on all mainstream browsers using cheap, pocket-sized hardware, open-source software and a script-kiddie level of understanding.