Ethical Lab v1.0

MITM ATTACKS

// OPEN WI-FI IS DANGEROUS

_CYBER SECURITY AWARENESS WORKSHOP

Educational Purpose Only

SYSTEM_INIT: INTRODUCTION

TARGET: YOU

In a digital world, your data is currency. Students are high-value targets for identity theft.

THREAT: WI-FI

Public networks (Cafes, Airports) are unsecured battlegrounds.

OBJECTIVE

Learn the attack methods to build better defenses. Knowledge = Firewall.

Concept_Mode

DEFINING THE ENEMY

>> MAN-IN-THE-MIDDLE

A cyberattack where a perpetrator secretly intercepts and relays messages between two parties who believe they are communicating directly.


root@hacker:~# ./analogy.sh

> Executing...

"Imagine passing a note in class. A bully sits in the middle, reads the note, changes 'I like you' to 'I hate you', and passes it on. You never know it was changed."

MITM Diagram
Network_Traffic_Analysis

VISUALIZING THE ATTACK

  • INTERCEPTION: Attacker sits between Victim and Router.
  • RELAY: All your data flows through the Attacker's machine.
  • STEALTH: Internet still works, so you suspect nothing.
  • SNIFFING: Passwords, chats, and images are captured.
Attack Diagram
Warning: Unsecured Network

THE TRAP: OPEN WI-FI

NO ENCRYPTION

Open networks send data in "Clear Text". Anyone with a $20 antenna can read it from the air.

THE LURE

Hackers use names like "Free_Airport_WiFi" or "Starbucks_Free". Humans trust the word "FREE".

"It's easy. Any teenager with Kali Linux can do it."

Live_Environment

LIVE DEMONSTRATION

// DO NOT ATTEMPT WITHOUT AUTHORIZATION //

KALI LINUX

WIFI ADAPTER

VICTIM PHONE

Attack_Vector: Evil Twin

EVIL TWIN ATTACK

Fake Login Page
  • CLONING: We copy the exact name (SSID) of a real network.
  • SIGNAL BOOST: We make our signal stronger than the real router.
  • AUTO-CONNECT: Your phone sees the familiar name and connects to US, not them.
  • CAPTIVE PORTAL: We show a fake "Login with Facebook" page to steal credentials.
Data_Breach

CREDENTIAL HARVESTING

CAPTURED DATA LOG:

> timestamp: 10:42:15 AM

> source: 192.168.1.15 (iPhone)

> url: www.fake-facebook-login.com

> username: student_cool_guy

> password: P@ssword123 _

"The user handed over the key voluntarily."

Encryption_Check

HTTP vs HTTPS

HTTP

"The Postcard"

Anyone can read the back of a postcard.

pass = 12345

HTTPS

"The Armored Truck"

Data is scrambled.

x8s#9@f$2!k

Security_Protocols

DEFENSE PROTOCOLS

USE 4G/5G

Disconnect from Wi-Fi. Use mobile data for sensitive tasks.

USE VPN

Creates an encrypted tunnel even on dirty networks.

HTTPS ONLY

Never type a password if the Lock Icon 🔒 is missing.

System_Shutdown

FREE WI-FI IS NEVER FREE.

YOU PAY WITH YOUR PRIVACY.

> Keep your shields up.

> Trust no one.

> _