image
hands-on labUsing the Man-In-The-Middle Framework (MITMf) to Bypass HTTPS Strict Transport Security (HSTS)
Intermediate
2h
53
5/5
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab steps
Starting the Cyber Network Security Lab Exercise
Lab description

This exercise will familiarize you with the Man-In-The-Middle framework (MITMf) and how an attacker might use this toolset to attack clients on your network. The particular attack we will be performing in this exercise will be bypassing the HSTS policy.

The MITMf is a collection of tools, written into an easy to use framework by byt3bl33d3r, which an attacker can use to simplify the construction and execution of Man-In-The-Middle (MITM) attacks. It provides the user with a modular and extensible framework which they can adapt to suit their own needs and carry out a variety of MITM attacks with ease. It includes its own DNS, HTTP and SMB servers to carry out attack features.

You will use MITMf to bypass HTTPS Strict Transport Security (HSTS) in this lab.

This lab is part of a series on cyber network security.

Learning Objectives

Upon completion of this lab you will be able to:

  • Demonstrate how an attacker could use the MITMf to perform a protocol downgrade attack and bypass HSTS.

Intended Audience

This lab is intended for:

  • Cyber and network security specialists

Prerequisites

You should possess:

  • A basic understanding of Windows operating system environments
About the author
Avatar
QA
Training Provider
Students
38702
Labs
161
Courses
1557
Learning Paths
39

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.

Covered topics