Shulou(Shulou.com)06/01 Report--

This article mainly introduces the relevant knowledge of "what is the man-in-the-middle attack on the server". The editor shows you the operation process through the actual case, and the operation method is simple, fast and practical. I hope this article "what is the man-in-the-middle attack on the server" can help you solve the problem.

The so-called man-in-the-middle attack is the addition of malicious attacker C to the communication between An and B. C acts as a middleman to forward the requests of both.

The schematic diagram is as follows:

Message sender An attacker C message receiver B "1. Please send your public key "" 2. Please send your public key "" 3. This is my public key "4.C intercepts B's public key and replaces it with C's public key" A mistakenly thinks that he received B's public key, but actually uses C's public key to encrypt the ciphertext to B, encrypts it with C's public key, 6.C intercepts information, decrypts it with his own private key, and forges new information. Encrypt with B's public key and send it to B "B decrypt with private key" message sender An attacker C message receiver B.

The above is a complete flow of man-in-the-middle attacks:

An asks B for a public key, but it is intercepted by C.

C sends a public key request to B.

B sends the public key to C.

C intercepts the public key of B and sends it to An instead of its own.

A regards the public key of C as the public key of B, encrypts the information with it, and sends it to B.

C intercepts the encrypted information and decrypts it with his own private key to get the plaintext. At the same time, the new information is forged, encrypted with the public key of B, and sent to B.

B gets the encrypted information and decrypts it with his own private key.

The man-in-the-middle attack is not only aimed at the RSA algorithm, but any public key algorithm may be affected by the man-in-the-middle attack.

The public key alone cannot defend against man-in-the-middle attacks. At this point, we need a third-party trusted organization to solve the problem of public key delivery, that is, certificates. We will talk about it in a later article.

This is the end of the content about "what is the man-in-the-middle attack on the server". Thank you for your reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.