• How can a bad guy watch without you knowing? • Man-in-the-middle Redirects your traffic Then passes it on to the destination You never know your traffic was redirected ARP poisoning ARP has no security

What if the middleman was on the same computer as the victim? The calls are coming from inside the browser! Malware/Trojan does all of the proxy work Huge advantages for the bad guys Relatively easy to proxy encrypted traffic Everything looks normal to the victim The man-in-the-browser waits for you to login to your bank And cleans you out

Man-in-the-Middle Flashcards by Pat Man

Man -in- the-middle

• How can a bad guy watch
without you knowing?
• Man-in-the-middle

Redirects your traffic
- Then passes it on to the destination
- You never know your traffic was redirected
ARP poisoning
- ARP has no security

How well did you know this?

Not at all

Perfectly

Man-in-the-browser

What if the middleman was on the same computer as the victim?
- The calls are coming from inside the browser!
- Malware/Trojan does all of the proxy work
Huge advantages for the bad guys
- Relatively easy to proxy encrypted traffic
- Everything looks normal to the victim
The man-in-the-browser waits for you to login to your bank
- And cleans you out

How well did you know this?

Not at all

Perfectly

Brainscape's Knowledge GenomeTM

Man-in-the-Middle Flashcards

Brainscape's Knowledge Genome^TM