A man-in-the-middle attack by standard definition is a form of active eavesdropping by having an attacker make independent connections with victims. The most common form of man-in-the-middle attacks are between host systems. Not too long ago, a vulnerability was found that abused the system that moves people from insecure to secure web pages. This gives attackers the ability to eavesdrop on users connecting to secure web servers. The next section will cover that vulnerability. Common man-in-the-middle attacks will be covered in later chapters in this book.
In 2009 security researcher Moxie Marlinspike at DefCon released SSL strip. He introduced the concept of SSL stripping, a man-in-the-middle attack in which a network ...