Web Penetration Testing with Kali Linux by Aamir Lakhani, Joseph Muniz

Man-in-the-middle defense

Man-in-the-middle attacks are difficult to protect against. The attack happens outside the victim's controlled environment and, when executed properly, doesn't leave an obvious signature that alerts the victims involved. MITM is typically the first step of a more sinister attack such as SSL strip. One common way to protect against MITM is ensuring websites use SSL/TLS 3.0. In other words, make sure the websites are accessed over HTTPS (HTTP Secure) connections. Verifying HTTPS is not as easy as looking for a little green address bar with a lock symbol, because attackers can serve victims certificates that make the session appear secure.

To properly test an HTTP session, examine the certificate and look at the ...
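One way to examine a presented certificate beyond the lock symbol, as an added example that is not from the book: compare its fingerprint with a value recorded earlier over a trusted path, then check issuer, hostname coverage and validity dates. The host name, CA names and DER bytes are constructed placeholders, and `examine` and `name_matches` are hypothetical helper names.

```python
import hashlib
import ssl

def fingerprint(der):
    """SHA-256 of the DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def name_matches(host, pattern):
    """Exact match, or a wildcard covering only the left-most label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def examine(cert, der, host, pinned_fp, expected_issuer_org, now):
    """Return findings for a presented certificate; an empty list means none.
    cert/der mirror SSLSocket.getpeercert() and getpeercert(binary_form=True)."""
    findings = []
    if fingerprint(der) != pinned_fp.lower().replace(":", ""):
        findings.append("fingerprint differs from pinned value")
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    if issuer.get("organizationName") != expected_issuer_org:
        findings.append("unexpected issuer: %s" % issuer.get("organizationName"))
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(host.lower(), n) for n in names):
        findings.append("hostname not covered by subjectAltName")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        findings.append("outside validity period")
    return findings

# Constructed sample data: the DER bytes are stand-ins, not real certificates.
GOOD_DER = b"constructed-der-bytes-of-the-genuine-certificate"
ROGUE_DER = b"constructed-der-bytes-of-a-substituted-certificate"
PINNED = fingerprint(GOOD_DER)  # assumption: recorded earlier over a trusted path
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")

def sample_cert(issuer_org):
    """Constructed dict in the shape getpeercert() returns."""
    return {"subject": ((("commonName", "shop.example.test"),),),
            "issuer": ((("organizationName", issuer_org),),),
            "subjectAltName": (("DNS", "shop.example.test"),),
            "notBefore": "Jan  1 00:00:00 2024 GMT",
            "notAfter": "Jan  1 00:00:00 2025 GMT"}

HOST, CA = "shop.example.test", "Example Trust CA"  # hypothetical names
GOOD = examine(sample_cert(CA), GOOD_DER, HOST, PINNED, CA, NOW)
ROGUE = examine(sample_cert("Proxy Appliance CA"), ROGUE_DER, HOST, PINNED, CA, NOW)
print("genuine:", GOOD, "| substituted:", ROGUE)
```

On a live connection, `getpeercert()` returns an empty dict when certificate validation is disabled, so the fingerprint of the binary form is the check that still works in that case.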