Can I detect a MITM attack?

While browsing, you can check every time if the certificate that is presented to you by the website is issued by a legitimate CA or its a fake certificate issued by some CA that your browser trusts. Obviously it is not possible do it manually. So, there are tools that do it for you.

Cert Patrol and Perspective are browser plugins that do essentially that. They keep a note of which domainnames are issues by which CAs (eg. Google=>Thwate, etc.) and many other parameters related to the certificates and will alarm the user if either the CA changes OR if the public key in the cert changes.

These are obviously not detection of MITM, they are more like prevention schemes by detecting that something is odd about the certificate presented by the website.

Also while connecting to a SSH server, it asks for the server fingerprint. I'd be alarmed if my ssh client presents me a new fingerprint after I've previously connected to a server. The server host key gets saved to the known_hosts file after first connection, the only reason the client is asking me to validate the fingerprint again is because either the SSH server has restarted/updated OR I am being MITMed.

Absolute paranoia demands you to call the system admin on phone and confirm the fingerprint by making him speak the key.

Can you detect a MitM attack? Depends on the type of system being attacked and the type of attack.

Say some sophisticated attacker has gotten control of a router upstream between you and the internet in general and redirects your traffic to fake servers under their control for a MitM (e.g., captures DNS requests and gives phony replies to their servers, or uses Network Address Translation (NAT)).

Now let's say you go to http://www.facebook.com and get directed to a http login page under the attackers control. Foreseeably the attacker could throw up a page that mimics facebook's login page, captures your authentication information, and uses that information to connect to the real facebook, and then directs the content from the real facebook to your browser. This could be done near seemlessly with the exception of the hidden form post action not being https on the initial login page. Let's say instead your settings are to always use https for facebook, and you went to https://www.facebook.com. The MitM attack would send red flags to the browser, as the attacker will not have a trusted certificate for facebook.com. Granted, many users would ignore these browser warnings (as sometimes they occur for benign reasons like an expired key or an intranet site not using a self-signed key). This all assumed that the attacker has not additionally managed to hack into facebook and get their private certificates OR compromise a CA (certificate authority) to be able to generate phony certificates trusted by most web browsers OR previously alter your web browser so it trusts/doesn't warn about invalid certificates.

In general with http it is near impossible to detect MitM attacks, but with https your browser should automatically detect and warn you about, unless the attacker has already compromised your system or the system at the other end (including the CA as a system at the other end).

Next example: ssh. Again, uses private-public server keypairs to authenticate computers. So if I frequently ssh into my work machine from my home computer, my home computer has recorded and trusted the public key of my work machine (which is kept in a file ~/.ssh/known_hosts). If a MitM attack was attempted when I am connecting from my home machine, ssh would immediately notice that the MitM machine did not have the private key of my work machine and would not let me login (unless I specifically removed the public key from my known_hosts list; which I would only do if say I upgraded to a new machine or changed the server key). Again, MitM attacks over ssh are very easy to detect unless the attacker either already broke into my work machine as root and copied the private key to a his host OR already broke into my home machine and changed the public key for my work machine recorded in ~/.ssh/known_hosts OR its my first time connecting to the server (and I do not have the server in my known_hosts or recognize its host fingerprint).

Detection of MitM scheme are the basic goal of any authentication protocol. For that to work you need :

• A safe way to get the authentication information (Server certificate, shared key, ...)
• Verify the authenticity of the message exchanged with the server.

The server should do the same with the client. With an symmetric scheme, it should be done easily. When using asymmetric protocols like SSL, you have to :

• Get the server certificate and be able to authenticate it properly
• Communicate with the server using its public key embedded in that certificate, so that no one can decrypt the message
• The server and you will agreed on a shared unique secret to use a symmetric encryption for future connections.