Definition: An on-path attack is one in which an attacker inserts itself into the communication path between two devices, intercepting and possibly altering the traffic without either device being aware of it.
Also Known As: Referred to as a "man-in-the-middle" attack.
Effect: Neither endpoint sees anything different, so the attack is effectively invisible to the victims.
Types of On-path Attacks
1. ARP Poisoning
Scope: Works only on a local network segment; the attacker must be in the same layer-2 broadcast domain (same subnet/VLAN) as the victims, because ARP frames are never routed.
Why It Works: ARP has no authentication. Any host can send an ARP reply, solicited or not, and most network stacks will update their cache with whatever IP-to-MAC mapping the reply claims.
Process:
Devices use ARP (Address Resolution Protocol) to resolve an IP address on the local network to the MAC address that frames for it should be sent to.
An attacker sends forged ARP replies (e.g., "192.168.1.1 is at <attacker MAC>") so that the victims overwrite the matching entry in their ARP cache.
The victims' frames for that IP now go to the attacker's MAC. The attacker forwards them on (IP forwarding) so the connection keeps working, and can read or modify the traffic in between. Poisoning both ends (victim and router) puts the attacker on the path in both directions.
Example Scenario
Devices Involved:
Laptop: IP - 192.168.1.N, MAC - ends in 38d5.
Router: IP - 192.168.1.1, MAC - ends in bbfe.
Attacker: IP - 192.168.1.14, MAC - ends in eeff.
Attack Steps:
The attacker sends a spoofed ARP reply to the laptop claiming that 192.168.1.1 (the router) is at the MAC ending in eeff, and, to see the return traffic too, a second reply to the router claiming the laptop's IP is at eeff.
Both victims overwrite their ARP cache entries with the attacker's MAC address.
Frames between laptop and router now pass through the attacker's machine, which forwards them so nothing appears broken while it intercepts or modifies the traffic.
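The scenario above in code, as an added example that is not part of the original notes: it builds the two forged ARP replies the attacker would send (one to the laptop, one to the router) byte by byte, parses them the way a host's ARP code would before updating its cache, and runs a minimal arpwatch-style monitor that flags the IP-to-MAC binding flip. The full MAC addresses and the laptop's IP are assumed (the notes give only the last four hex digits and "192.168.1.N"); the frames are constructed in memory and never put on the wire.

```python
"""Forge the spoofed ARP replies from the scenario and detect them from the cache side."""
import socket
import struct

# Constructed example values. The notes give only the last four hex digits of
# each MAC and "192.168.1.N" for the laptop; the full addresses below are assumed.
LAPTOP_IP, LAPTOP_MAC = "192.168.1.20", "00:11:22:33:38:d5"
ROUTER_IP, ROUTER_MAC = "192.168.1.1", "00:11:22:33:bb:fe"
ATTACKER_IP, ATTACKER_MAC = "192.168.1.14", "00:11:22:33:ee:ff"

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet II frame carrying the ARP reply "<sender_ip> is-at <sender_mac>", unicast to target_mac.

    A poisoned reply just pairs the attacker's MAC (sender_mac) with someone
    else's IP (sender_ip). Nothing in the frame proves the claim, so hosts accept it.
    """
    eth = struct.pack("!6s6sH", mac_bytes(target_mac), mac_bytes(sender_mac), ETH_P_ARP)
    arp = struct.pack(
        ARP_FMT,
        1,        # htype: Ethernet
        0x0800,   # ptype: IPv4
        6, 4,     # hlen, plen
        ARP_REPLY,
        mac_bytes(sender_mac), socket.inet_aton(sender_ip),
        mac_bytes(target_mac), socket.inet_aton(target_ip),
    )
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode the fields a host's ARP code looks at before it updates its cache."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    _htype, _ptype, _hlen, _plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {
        "eth_src": mac_str(src), "eth_dst": mac_str(dst), "oper": oper,
        "sha": mac_str(sha), "spa": socket.inet_ntoa(spa),
        "tha": mac_str(tha), "tpa": socket.inet_ntoa(tpa),
    }


class ArpWatch:
    """Minimal arpwatch-style monitor: remember each IP->MAC binding and flag any flip."""

    def __init__(self):
        self.cache = {}

    def observe(self, frame: bytes):
        """Update the cache the way a naive host would; return an alert string if a binding changed."""
        a = parse_arp(frame)
        old = self.cache.get(a["spa"])
        self.cache[a["spa"]] = a["sha"]
        if old is not None and old != a["sha"]:
            return f"ARP binding change: {a['spa']} was {old}, now {a['sha']}"
        return None


def poison_both_directions() -> tuple:
    """The two replies an on-path attacker sends so traffic flows through it both ways."""
    to_laptop = build_arp_reply(ATTACKER_MAC, ROUTER_IP, LAPTOP_MAC, LAPTOP_IP)  # "router is-at attacker"
    to_router = build_arp_reply(ATTACKER_MAC, LAPTOP_IP, ROUTER_MAC, ROUTER_IP)  # "laptop is-at attacker"
    return to_laptop, to_router


if __name__ == "__main__":
    watch = ArpWatch()
    # Legitimate replies populate the monitor's view of the network first.
    for f in (build_arp_reply(ROUTER_MAC, ROUTER_IP, LAPTOP_MAC, LAPTOP_IP),
              build_arp_reply(LAPTOP_MAC, LAPTOP_IP, ROUTER_MAC, ROUTER_IP)):
        watch.observe(f)
    for f in poison_both_directions():
        print(watch.observe(f))
```

The monitor only catches the attack because it already held the legitimate binding; a host that boots up after the attacker starts sending will cache the poisoned mapping as its first and only answer. That is why switch-side controls such as dynamic ARP inspection, which check replies against a trusted DHCP binding table, are stronger than host-side watching alone.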
2. On-path Browser Attack
Also Known As: Man-in-the-browser attack.
Mechanism: Malware (typically a trojan) on the victim's machine hooks into the browser itself and acts as a proxy between the user and the web application, inside the browser process.
Capabilities:
Sees and can alter traffic even when the connection uses HTTPS, because it operates inside the browser: before data is encrypted on the way out and after it is decrypted on the way in. TLS protects the wire, not the endpoint.
Captures sensitive information such as usernames and passwords as the user types or submits them.
Can act within the victim's already-authenticated session, e.g., initiating an unauthorized transaction, and hide it from the page the victim sees.
Implications
Security Risks: Unauthorized access to sensitive information and potential financial loss.
Visibility: Attacks are stealthy, making detection difficult for the victim.
Prevention: For ARP poisoning, network-side controls (e.g., dynamic ARP inspection with DHCP snooping on switches, static ARP entries for critical hosts) and end-to-end encryption so intercepted traffic stays unreadable, plus monitoring for ARP cache changes; for man-in-the-browser, endpoint protection against the malware, since it is the browser, not the network, that is compromised.