How to do it: MITM

Linux terminal style, rendered cards, and a defense-first walkthrough showing how a middle path is detected and blocked.

Safe learning mode: this page keeps the MITM lesson visual and code-first, but focuses on inspection, warning signs, and hardening rather than misuse.

Card 1 — inspect the network path

Start by showing the expected route, gateway, and local neighbor table from a Linux shell.

Terminal + Code
user@lab:~
$ ip route | grep default
default via 192.168.1.1 dev wlan0
$ arp -an
? (192.168.1.1) at aa:bb:cc:dd:ee:ff
baseline looks consistent

Baseline inspection commands

These commands help explain what a normal network path should look like before any warning signs appear.

# Show the default gateway
ip route | grep default

# See local ARP / neighbor entries
arp -an
ip neigh show

# Teach: if the gateway or MAC suddenly changes, investigate.

Card 2 — recognize interception warnings

Use terminal output to show the red flags that appear when traffic is being relayed or altered.

Terminal + Code
certificate check
$ curl -Iv https://portal.example
SSL certificate problem: self-signed certificate
subject differs from expected host
browser would show a warning here

Safe verification commands

Use these to teach people how to confirm whether the path and certificate still look trustworthy.

# Check headers and TLS response
curl -Iv https://portal.example

# Inspect the presented certificate fingerprint
# (stdin from /dev/null so s_client exits after the handshake instead of waiting for input)
openssl s_client -connect portal.example:443 -servername portal.example </dev/null \
  | openssl x509 -noout -fingerprint -sha256

# If the cert looks wrong, stop and verify the network.
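The checks in Card 1 (gateway MAC drift) and Card 2 (certificate fingerprint) can be turned into a small baseline-and-compare script. This is an added example, not code from the page: it parses constructed `ip neigh show` and `openssl x509 -fingerprint` output embedded below, and the `live_check` function and its baseline file paths under `$HOME` are assumptions.

```sh
#!/bin/sh
# Added example: keep a baseline of the gateway MAC and the expected certificate
# fingerprint, then flag drift. Pure POSIX sh so it runs offline on the samples.

# Constructed `ip neigh show` output: the baseline, and a later reading in which
# the gateway 192.168.1.1 suddenly answers from a different MAC.
BASELINE_NEIGH='192.168.1.1 dev wlan0 lladdr aa:bb:cc:dd:ee:ff REACHABLE'
CHANGED_NEIGH='192.168.1.1 dev wlan0 lladdr 11:22:33:44:55:66 REACHABLE'

# Constructed fingerprint (not a real certificate); the second value mimics the
# line printed by `openssl x509 -noout -fingerprint -sha256`.
EXPECTED_FP='01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF'
PRESENTED_FP_LINE='sha256 Fingerprint=01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef'

# gateway_mac GATEWAY_IP NEIGH_OUTPUT: print the lladdr recorded for that IP
gateway_mac() {
  printf '%s\n' "$2" | awk -v gw="$1" \
    '$1 == gw { for (i = 1; i <= NF; i++) if ($i == "lladdr") print $(i + 1) }'
}

# check_gateway GATEWAY_IP BASELINE_NEIGH CURRENT_NEIGH
# returns 0 when the MAC is unchanged, 1 when it moved or is missing (investigate)
check_gateway() {
  base=$(gateway_mac "$1" "$2"); now=$(gateway_mac "$1" "$3")
  if [ -n "$base" ] && [ "$base" = "$now" ]; then
    echo "ok: gateway $1 still at $now"; return 0
  fi
  echo "WARNING: gateway $1 MAC changed from '$base' to '$now'"; return 1
}

# check_fingerprint EXPECTED FP_LINE: compare case-insensitively, dropping the
# "sha256 Fingerprint=" prefix openssl prints; non-zero means stop and verify
check_fingerprint() {
  want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
  got=$(printf '%s' "$2" | sed 's/.*=//' | tr 'a-f' 'A-F')
  [ -n "$want" ] && [ "$want" = "$got" ]
}

# live_check: same logic over real command output (assumed baseline file paths)
live_check() {
  gw=$(ip route | awk '/^default/ { print $3; exit }')
  check_gateway "$gw" "$(cat "$HOME/.gateway-baseline")" "$(ip neigh show)"
  fp=$(openssl s_client -connect portal.example:443 -servername portal.example \
        </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256)
  check_fingerprint "$(cat "$HOME/.portal-fingerprint")" "$fp"
}

# Offline demo on the constructed samples
check_gateway 192.168.1.1 "$BASELINE_NEIGH" "$BASELINE_NEIGH"
check_gateway 192.168.1.1 "$BASELINE_NEIGH" "$CHANGED_NEIGH" || true
check_fingerprint "$EXPECTED_FP" "$PRESENTED_FP_LINE" && echo "ok: fingerprint matches"
```

Record the baseline on a network you trust, then run the live check before logging in from anywhere else; any WARNING or fingerprint mismatch is the cue to stop and verify the path.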

Card 3 — visualize the risky middle path

This card explains the concept: an untrusted relay in the middle can observe plain traffic or trigger certificate warnings.

Rendered + Code
Client device → wants the real service
Untrusted middle relay → inspects or alters the path
Real service → only safe when identity is verified
plain HTTP is readable in transit

Concept flow in terminal style

Keep this part conceptual and readable so the audience understands the path without turning it into misuse instructions.

# Conceptual flow
client  --request-->  network path  --request-->  service

# Risk
If the path is not protected, a middle relay can see or change data.

# Protection
HTTPS + trusted certificates + VPN reduce what the middle can do.

Card 4 — harden the session

Finish the page with Linux-friendly defense steps: update, verify, encrypt, and avoid untrusted access points.

Terminal + Code
Protected connection
VPN on, HTTPS valid, suspicious cert rejected, and the route checked before login.
trusted channel

Defense-side terminal checklist

Use the shell look to end on practical protection steps.

# Keep the system current
sudo apt update
sudo apt upgrade

# Check DNS and active connections
resolvectl status
nmcli connection show --active

# Server-side HTTPS hardening example (nginx HSTS header; goes inside the HTTPS server block)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

# Rule of thumb:
Never ignore certificate warnings on public Wi-Fi.