Man in the Middle Attack (MITM) is a long-standing network intrusion method, and there is still a wide range of development space today . Attacks such as SMB session hijacking and DNS spoofing are typical MITM attacks. In short, the so-called MITM attack is to intercept normal network communication data, and tamper with and sniff the data , but both parties of the communication are unaware.

With the continuous development of computer communication network technology, MITM attacks are becoming more and more diverse. Initially, as long as the attacker puts the network card into promiscuous mode and pretends to be a proxy server listening to specific traffic, the attack can be implemented, because many communication protocols are transmitted in plain text, such as HTTP, FTP, Telnet, etc. Later, as switches replaced hubs, simple sniffing attacks were no longer successful, and ARP spoofing was necessary. Today, more and more service providers (online banking, E-mail) began to use encrypted communication, SSL (Secure Sockets Layer) is a widely used technique, HTTPS, FTPS are all built on the basis of its