
On Path Attack

A type of web server attack where the attacker intercepts communications between two devices and modifies them.

The most common example of an on-path attack is where the attacker intercepts login credentials and then uses them to gain unauthorized access to user accounts.

Attack Methods

| Method | Description |
| --- | --- |
| Browser Cookie Stealing | Also known as Session Hijacking. The attacker steals the user's cookies, hijacks their session, and gains access to the user's account. |
| IP Address Spoofing | The attacker makes the target's IP address his own, redirecting all traffic to his system instead of the intended recipient. |
| DNS Spoofing | The attacker modifies an address in the DNS record of the target, redirecting the target to a malicious 'evil twin' site. |
| ARP Spoofing and Poisoning | Since ARP has no security, all devices in the same broadcast domain as the rogue host trust the endless, unsolicited ARP replies and poison their ARP caches, and the network interface gets overwhelmed. The target of ARP-based attacks is usually the subnet's default gateway, since that is where all outbound traffic ends up, which makes it the juiciest target. While IPv6 does not use ARP, it is also vulnerable to layer 2 spoofing if the unencrypted Neighbor Discovery (ND) Protocol is used. This can be abused for router advertisement (RA) spoofing. |
| Email Hijacking | The attacker gains access to a target's email account and can now monitor it. |
| HTTPS Spoofing | The attacker uses a website name that looks similar to a legitimate site. |
| SSL/TLS Hijacking | The attacker presents forged authentication keys to both the user and the app/server, effectively monitoring all communications between the two parties. |
| Wi-Fi Eavesdropping | The same thing as an evil twin attack. |
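A defender can spot the ARP behaviour described in the table (unsolicited replies and a changed MAC for the default gateway) by watching ARP traffic. The following detector is an added example, not part of the original page; the event tuple format, the addresses in the sample, and the window and threshold values are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, ARP op, sender IP, sender MAC, target IP).
SAMPLE = [
    (0.0, "request", "10.0.0.5", "aa:aa:aa:aa:aa:05", "10.0.0.1"),
    (0.1, "reply",   "10.0.0.1", "aa:aa:aa:aa:aa:01", "10.0.0.5"),
    (5.0, "reply",   "10.0.0.1", "de:ad:be:ef:00:66", "10.0.0.5"),
    (6.0, "reply",   "10.0.0.1", "de:ad:be:ef:00:66", "10.0.0.5"),
    (7.0, "reply",   "10.0.0.1", "de:ad:be:ef:00:66", "10.0.0.5"),
]


def detect_arp_spoofing(events, gateway_ip, window=2.0, flood_threshold=3):
    """Return alerts as (timestamp, kind, ip, mac) tuples."""
    bindings = {}                    # ip -> MAC learned from a solicited reply
    pending = {}                     # requested ip -> time of the last request
    unsolicited = defaultdict(int)   # mac -> number of unsolicited replies
    alerts = []
    for ts, op, s_ip, s_mac, t_ip in events:
        if op == "request":
            pending[t_ip] = ts
            continue
        # A reply is solicited only if someone recently asked for this IP.
        solicited = s_ip in pending and ts - pending[s_ip] <= window
        if solicited:
            del pending[s_ip]
        known = bindings.get(s_ip)
        if known is None:
            if solicited:
                bindings[s_ip] = s_mac
        elif known != s_mac:
            # The same IP is now claimed by a different MAC.
            kind = "gateway-mac-change" if s_ip == gateway_ip else "mac-change"
            alerts.append((ts, kind, s_ip, s_mac))
        if not solicited:
            unsolicited[s_mac] += 1
            if unsolicited[s_mac] == flood_threshold:
                alerts.append((ts, "unsolicited-flood", s_ip, s_mac))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE, gateway_ip="10.0.0.1"):
        print(alert)
```

Bindings are learned only from solicited replies, so a host that opens with unsolicited replies never becomes the trusted entry for an address.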