Meet in the middle is a type of attack that will attack the network. When someone use this tool, they will be able to track the network traffic of their own computer or their local network, or any kind of network. This attack is dangerous due to the fact that it can intercept the traffic of the network. It means that, every data sent through the network can be tracked and be read by this, especially when logging in or signing up to a website.

One of the tools used for this attack is Burp Suite. Burp Suite is a tool that can intercept the network on your computer. In kali Linux, this tool is already available and ready to use.

When you already open the burp suite, click the proxy and turn on the intercept, and then click the option, which will show the default proxy listener which is 127.0.0.1:8000
Using the firefox in kali Linux, go to the preference and search for proxy, click the option and turn on manual proxy and write the default proxy listener that you see on your burp suite.

After you change the proxy into the manual one, try to go to any website. You will not be able to access the page, you need to download the certificate of burp suite since the proxy is not detected in any of the default certificate in the browser. To download the certificate, go to http://burp and you can see a little writing “CA Certificate”, when you click on that you can download the certificate. And then go to the browser again, go to the preference and search for certificate, then add your downloaded certificate there.

If you load the website you failed to access earlier, you will be able now. And if you go back to burp suite, it will show you your network traffic. You will have to be extremely careful when you enter your username and password, because the traffic can show the data and other people can see them!

If you notice, beside the search engine of the firefox, there will be a green lock, and you can view the certification there. It is not authorized so it will give a warning. And the name of the verified by will be different from the normal one. If you want to make it looks like it is a legitimate certification, you can make the certification by yourself and edit the name of the publisher and other thing.