The demo is based on a website built with PHP and CSS for a hypothetical records e-commerce site. This application was hosted on an AWS EC2 server and cached in AWS CloudFront. In addition, it had a public domain (maxhomelabrecords.ml), and the Amazon DNS servers defined in AWS Route 53 were in charge of answering queries for that domain name.

The website was fully accessible: CloudFront was mapped to the domain name and pointed to the application.

An ARP spoofing attack was then performed using the Man-In-The-Middle Framework (MITMf) from a third-party machine running the Parrot OS Linux distribution. The attacker sent unsolicited ARP messages to a target computer on the same local network.
As a result, the target sends its HTTP(S) traffic to the attacker, believing it to be the gateway, when it is actually a middleman that can see someone else's traffic. This is why the attack is called Man-In-The-Middle.
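Seen from the defender's side, the unsolicited ARP messages described above leave two observable signs: a reply that nobody requested, and a gateway IP address that suddenly maps to a different MAC address. The following detector is an added example, not code from the original demo; the addresses and frames are constructed sample input, and the function names are assumptions of this example.

```python
import struct

OP_REQUEST, OP_REPLY = 1, 2

def build_arp(op, sha, spa, tha, tpa):
    """Constructed Ethernet+ARP frame, used only as sample input."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    dst = mac(tha) if op == OP_REPLY else b"\xff" * 6
    eth = dst + mac(sha) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    ip = lambda b: ".".join(map(str, b))
    return op, frame[22:28].hex(":"), ip(frame[28:32]), ip(frame[38:42])

def detect_spoofing(frames):
    """Flag replies nobody asked for and IPs whose MAC differs from first seen."""
    bindings, pending, alerts = {}, set(), []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, sha, spa, tpa = parsed
        if op == OP_REQUEST:
            pending.add((spa, tpa))          # spa asked "who has tpa?"
        elif op == OP_REPLY:
            if (tpa, spa) not in pending:    # tpa never asked about spa
                alerts.append((n, "unsolicited-reply", spa, sha))
            pending.discard((tpa, spa))
        if bindings.setdefault(spa, sha) != sha:
            alerts.append((n, "mac-changed", spa, sha))
    return alerts

def sample_frames():
    """Constructed capture: a genuine gateway reply, then a forged one."""
    gw, victim, forged = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:50", "aa:aa:aa:aa:aa:66"
    return [
        build_arp(OP_REQUEST, victim, "192.168.1.50", "00:00:00:00:00:00", "192.168.1.1"),
        build_arp(OP_REPLY, gw, "192.168.1.1", victim, "192.168.1.50"),
        build_arp(OP_REPLY, forged, "192.168.1.1", victim, "192.168.1.50"),
    ]
```

A `mac-changed` alert can also come from a legitimate change such as a replaced router or a reassigned DHCP lease, so it is a signal to investigate rather than proof of spoofing.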

 

[Figure: topology, Certificate Manager]

Wireshark running on Parrot could view the network traffic between the target and the gateway in detail. As an initial test, maxhomelabrecords.ml was accessed, and the form on its homepage was filled in and submitted. Wireshark reconstructed the website's content by using a GET request display filter. The data sent upon form submission was viewed with a POST display filter.
After that, in order to solve this privacy issue, a digital certificate was created in AWS Certificate Manager to be applied to the application. Finally, the certificate was bound to CloudFront and the domain name.
Then another MITM attack was performed, and the targeted computer tried to visit the website through a secure connection (HTTPS). Wireshark was not able to view the application content or the data submitted from the form, because all HTTPS traffic was encrypted.