Man-in-the-Middle Attacks
On this page, we dive into Man-in-the-Middle Attacks and how you can prevent them using DevRIFT.
Man-in-the-Middle (MITM) attacks are a type of cyber attack where the attacker intercepts communication between two parties in order to gain access to sensitive information or to alter the communication in some way.
You can use the DevRIFT API to recognise, prevent and stop MITM attacks.
This is a paid feature. Requests to the API will be rejected if you do not have a valid subscription.
How MITM attacks work
MITM attacks are a type of eavesdropping attack where the attacker intercepts communication between two parties in order to gain access to sensitive information or to alter the communication in some way.
The attacker can intercept the communication in a number of ways:
- By using a rogue access point to intercept traffic between a client and a server.
- By using a rogue access point to intercept traffic between two clients.
How to prevent MITM attacks
A good way to prevent MITM attacks is to use digital signatures. A digital signature lets the recipient verify that the data received is authentic and has not been tampered with.
You can use the DevRIFT API to verify that the data you are receiving is authentic and has not been tampered with.
How to use the DevRIFT API to prevent MITM attacks
First you'll need to add the DevRIFT JavaScript SDK to your website.
<script src="https://js.devrift.co/v1"></script>
Then you'll need to initialise the DevRIFT SDK with your Publisher key.
<script>
// Add your Publisher Key here
devrift('pk_test_barfoo...');
</script>
Now whenever a form is submitted, the DevRIFT SDK will automatically add a header field to the request containing the DevRIFT signature.
You'll then need to verify the signature on the server-side. To do this you should first check if the signature is present in the request. If it isn't present, then you should reject the request.
We recommend using a DevRIFT SDK for this as it will automatically check if the signature is present and verify it for you.
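The server-side check described above (reject the request when the signature is missing, then verify it), as an added sketch in Node.js. It is not DevRIFT's code or signing scheme: the header name `x-example-signature`, the Ed25519 key pair and the `timestamp.body` message layout are assumptions, and the timestamp freshness check goes beyond what this page describes.

```javascript
// Added illustration, not DevRIFT's signing scheme: the header name, key
// handling and message layout below are assumptions made for this sketch.
const crypto = require('node:crypto');

const SIG_HEADER = 'x-example-signature'; // hypothetical; Node lowercases header names
const MAX_SKEW_SECONDS = 300;             // assumed replay window

// Constructed key pair; in practice the verifier holds only the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Sender side: bind the signature to a timestamp and the exact body bytes.
function signRequest(body, key, now = Math.floor(Date.now() / 1000)) {
  const sig = crypto.sign(null, Buffer.from(`${now}.${body}`), key);
  return { [SIG_HEADER]: `t=${now},sig=${sig.toString('base64')}` };
}

// Receiver side: returns { ok, reason }; the caller rejects unless ok is true.
function verifyRequest(headers, body, key, now = Math.floor(Date.now() / 1000)) {
  const raw = headers[SIG_HEADER];
  if (typeof raw !== 'string' || raw.length === 0) {
    return { ok: false, reason: 'missing signature' };
  }
  // An Ed25519 signature is 64 bytes, which is 86 base64 characters plus "==".
  const m = /^t=(\d{1,12}),sig=([A-Za-z0-9+/]{86}==)$/.exec(raw);
  if (!m) return { ok: false, reason: 'malformed signature' };
  if (Math.abs(now - Number(m[1])) > MAX_SKEW_SECONDS) {
    return { ok: false, reason: 'stale timestamp' };
  }
  const sig = Buffer.from(m[2], 'base64');
  const valid = crypto.verify(null, Buffer.from(`${m[1]}.${body}`), key, sig);
  return valid ? { ok: true, reason: 'valid' } : { ok: false, reason: 'bad signature' };
}

// Constructed form body: accepted as sent, rejected when altered in transit
// or when the signature header has been stripped.
const sampleBody = 'amount=100&to=alice';
const sampleHeaders = signRequest(sampleBody, privateKey);
console.log(verifyRequest(sampleHeaders, sampleBody, publicKey));
console.log(verifyRequest(sampleHeaders, 'amount=9999&to=mallory', publicKey));
console.log(verifyRequest({}, sampleBody, publicKey));
```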
Using the PHP SDK
use DevRIFT\DevRIFT;

// Configure the SDK with your API key
$devrift = DevRIFT::setApiKey("sk_test_foobar...");

if ($devrift->verifySignature()) {
    // The signature is present and valid
} else {
    // The signature is missing or invalid: reject the request
}