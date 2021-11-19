Kit to detect Phishing MitM attacks

A Phishing attack It basically consists of sending the victim a link that takes him to a fake website where he has to put his data. For example, a website that pretends to be a bank page, a portal to log in to email or any social network such as Facebook. The problem is that when the user logs in, the password is sent to a server controlled by the attackers.

But if we talk about Phishing MitM it is different. In this case, the attacker is not going to create a fake website, but is going to place himself in the middle between the victim and the final server. For example, if someone logs in from their computer to Facebook, that attacker will intercept the keys that they send to the social network in order to enter. This is known as Man in the Middle or MitM. What it does is reflect the content in real time and thus steal the data.

So, how does the method devised by this group of researchers to detect Phishing MitM attacks work? It is based on a classifier of machine learning which uses different network-level functions, such as fingerprints, to be able to detect potential Phishing websites hosted in Phishing MitM Toolkits on reverse proxy servers.