Hacker News

I am not sure what leads you to answer this way, but I assure you that HTTP, like any other unencrypted network traffic, does inherently allow undetected tampering by any middleman.

While it's highly unlikely that threat actors would be lurking in trusted networks and devices on such a network path, they definitely don't need to use shared WiFi or ARP spoofing if they have control of a core router or transmission line. That's the very essence of MITM attacks.



> I am not sure what leads you to answer this way

Knowledge of facts and history.

What leads people such as yourself to start a response this way? "I'll respond to you but first I'm going to feign ignorance of how you could even say that in a way that adds absolutely nothing to the discussion." I perceive this as exceptionally rude. Am I alone in that?

> does inherently allow undetected tampering by any middleman.

Yes. And did I describe methods by which you can hijack connections to /become/ the middleman? Perhaps you missed the subtle detail.

> That's the very essence of MITM attacks.

The popularized attacks you're describing became popular because they were done with the techniques I described in places like Starbucks and other businesses with open Wifi networks. Here it is, literally:

https://en.wikipedia.org/wiki/Firesheep


Well, I interpreted your reply as implying that the only vectors possible were shared WiFi or ARP spoofing. If you merely intended to offer two examples, then it makes more sense. But I am still not sure why your answers are so irrelevant!

So, I am still unsure that you are clued in here, because the article you have linked to has nothing at all to do with tampering with in-flight TCP streams, only sniffing them. Perhaps you do not understand how these principles differ. This shared WiFi scenario certainly permits eavesdropping on unencrypted channels, and that’s a danger that’s distinct from actual MITM.

You claim we’re describing the same thing but we are not.

> did I describe methods

No, actually you didn’t — you named one vector and one mostly unrelated LAN attack. ARP spoofing may be a stepping stone, but not really central.

The attack you describe happens at the application layer, in fact. It doesn’t even need to use TCP. You’re simply stealing someone’s credentials and reusing them in a new browser session. There’s really no way to legitimately describe this as “MITM” — or “tampering” at all. [Your Wikipedia article does not use these terms.]

And in a typical Starbucks installation, nobody would realistically attempt to tamper with in-flight TCP streams, because that attack would involve some elaborate setup, presenting a higher challenge than the Firesheep attack. I am sure you could explain and describe the former, if you understand the underlying principles.

No, the classic MITM attacks on http involve neither WiFi nor ARP, but simply interposing malicious code somewhere else on-path. [Actually it is not necessarily malicious, because NAT gateways work by modifying TCP streams too!] That’s why the newer name is “on-path attack”. And you seem to have omitted that scenario from your comments.
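The distinction the comment above draws, between passively sniffing a plaintext HTTP stream (the Firesheep case: read the session cookie, replay it elsewhere) and actively rewriting it on-path, as an added example that is not part of any commenter's text. Everything here is constructed: the captured request and response are sample bytes, `social.example` and the cookie values are made up, and the HMAC functions at the end stand in for the integrity protection TLS provides, to show why tampering with plain HTTP goes unnoticed while tampering with an authenticated message does not.

```python
"""Passive sniffing vs active on-path tampering of plaintext HTTP.

Added illustration for the thread, not code from any of the commenters.
All traffic below is constructed sample bytes standing in for captures.
"""
from __future__ import annotations

import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed sample: a victim's plaintext request as seen by a sniffer on
# shared WiFi (the Firesheep scenario: observe, do not modify).
CAPTURED_REQUEST = (
    b"GET /home HTTP/1.1\r\n"
    b"Host: social.example\r\n"
    b"Cookie: session=abc123; theme=dark\r\n"
    b"\r\n"
)

# Constructed sample: the server's plaintext response as it crosses an
# on-path device (ISP router, NAT box, anything between the two endpoints).
CAPTURED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 25\r\n"
    b"\r\n"
    b"<html><p>hello</p></html>"
)


def parse_http_message(raw: bytes) -> tuple[str, list[tuple[str, str]], bytes]:
    """Split a raw HTTP/1.1 message into start line, ordered headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def sniff_session_cookie(raw_request: bytes, name: str = "session") -> str | None:
    """Passive eavesdropping: read a session cookie out of an observed request.

    Nothing on the wire is changed, so neither endpoint can notice; the
    attacker then replays the cookie from their own browser (session hijack).
    """
    _, headers, _ = parse_http_message(raw_request)
    for hdr_name, value in headers:
        if hdr_name.lower() == "cookie":
            jar = SimpleCookie()
            jar.load(value)
            morsel = jar.get(name)
            return morsel.value if morsel is not None else None
    return None


def tamper_response(raw_response: bytes, old: bytes, new: bytes) -> bytes:
    """Active on-path tampering: rewrite a plaintext response body in flight.

    Content-Length is recomputed so the client parses the forged message
    cleanly. Plain HTTP carries no integrity check, so the substitution is
    undetectable to the client; this is what TLS exists to prevent.
    """
    start_line, headers, body = parse_http_message(raw_response)
    new_body = body.replace(old, new)
    rebuilt = []
    for hdr_name, value in headers:
        if hdr_name.lower() == "content-length":
            value = str(len(new_body))
        rebuilt.append(f"{hdr_name}: {value}")
    head = "\r\n".join([start_line, *rebuilt]) + "\r\n\r\n"
    return head.encode("iso-8859-1") + new_body


def integrity_tag(message: bytes, key: bytes) -> str:
    """Keyed MAC over a message, standing in for the authentication TLS adds."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def integrity_ok(message: bytes, key: bytes, tag: str) -> bool:
    """True only if the message was not altered since the tag was computed."""
    return hmac.compare_digest(integrity_tag(message, key), tag)


if __name__ == "__main__":
    print("sniffed session cookie:", sniff_session_cookie(CAPTURED_REQUEST))
    key = b"constructed-shared-key"  # assumption: both endpoints hold this key
    tag = integrity_tag(CAPTURED_RESPONSE, key)
    forged = tamper_response(CAPTURED_RESPONSE, b"hello", b"pwned by on-path box")
    print(forged.decode("iso-8859-1"))
    print("tampering detectable with a MAC:", not integrity_ok(forged, key, tag))
```

The sniffing function never writes anything back onto the wire, which is why it works from any host that can see the traffic and why it is eavesdropping rather than MITM; the tampering function has to sit in the forwarding path and produce a well-formed replacement message, which is the on-path position the comment describes.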


Yeah, I don't think it was people snooping on Facebook posts that caused the adoption of TLS at a widespread level. It was the fact that companies realized the NSA & their competitors would use it to attack them at every level.

You don't need ARP spoofing or anything like that to intercept a plaintext communication when you control the ISP.


https://m.xkcd.com/341/

Yes, the IETF and Mozilla really put NSA in their place with SSL, but the publicized, primary reason for adoption was eCommerce.

As the NSF handed control of the backbone to Sprint and commerce was finally permitted, the vendors campaigned to secure http lest the consumer’s personal data and credit card details were snooped and scooped while in-flight.

The Internet was incubated in a high-trust environment and every collegiate sysadmin was secretly employed by the NSA (except for Chris Siebenmann who is a North Korean sleeper agent). Once they were able to receive paychecks from Jeff Bezos instead, they began installing malware on routers to replace porn with videos of dancing babies and kittens being totes adorbs.

SSL kept our credit cards safe from the NSA and our porn is no longer sponsored by the ASPCA. Whew.




