Vishnu Ramineni

Apr 5, 2020

4 min read

HTTP MiTM on Hike Messenger allows the attacker to see group conversations, attachments

TL;DR

MiTM (man-in-the-middle) attack is a type of cyberattack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other.

Attacker intercepts between client and server
Steps involved in MiTM attack
  • Interception
  • Decryption
  • IP Spoofing
  • ARP Spoofing
  • DNS Spoofing
  • HTTPS Spoofing
  • SSL Beast
  • SSL Hijacking
  • SSL Stripping
VIT uses pronto networks captive portal
POST request data of hike messenger API
Swiss Army knife for wireless attacks
Command to start the MiTM with bettercap
Verbose after the execution of attack
Ettercap tool for MiTM attacks
  • Avoiding WiFi connections that aren’t password protected.
  • Paying attention to browser notifications reporting a website as being unsecured.
  • Immediately logging out of a secure application when it’s not in use.
  • Not using public networks (e.g., coffee shops, hotels) when conducting sensitive transactions.