Man-in-the-middle attacks are troublesome for anyone trying to maintain security. An attacker in a man-in-the-middle position gains powerful leverage, both increasing the attack surface and decreasing the ability to defend against attacks. Some dismiss man-in-the-middle attacks as corner cases because they supposedly rarely occur, but how can one claim rarity without a detection method? Introducing MITM Canary, a cross-platform, cross-device open source tool that uses remote servers serving static content to run a battery of tests to detect a variety of man-in-the-middle attacks.
Many of the tests are simple. They download files whose contents they already know over insecure channels and verify the results. Other tests leverage existing techniques in secure communication methods to detect attackers. More specific cases emulate network activity from vulnerable software in order to detect attacks. There are even some local network checks, allowing for further protection on commonly used networks.
By observing MITM attacks in an external application, we can enable protective measures, such as disabling network connectivity, alerting the user, or enabling a VPN if one is not already enabled.
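The simplest test described above, fetching a file with known contents over plain HTTP and verifying the result, can be sketched as follows. This is an added example, not MITM Canary's own code; the URL, the canary bytes, the verdict names and all function names are assumptions made for illustration.

```python
import hashlib
import urllib.error
import urllib.request

# Constructed canary: the checker ships with the exact bytes the server hosts.
CANARY = {
    "url": "http://canary.example/static/canary.js",  # placeholder, not a real host
    "body": b"/* constructed canary file */\nvar canary = 1;\n",
}

def http_fetch(url, timeout=5):
    """Fetch over plain HTTP and return (status, final_url, body)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.geturl(), resp.read()
    except urllib.error.HTTPError as err:   # non-2xx responses still carry a body
        return err.code, err.geturl(), err.read()
    except OSError:                         # URLError, timeouts, connection resets
        return 0, url, b""

def classify(canary, status, final_url, body):
    """Compare one response with the known canary content."""
    if status == 0:
        return "unreachable"
    if final_url != canary["url"]:
        return "redirected"                 # answered from a different URL
    if status != 200:
        return "unexpected-status"
    want = hashlib.sha256(canary["body"]).digest()
    if hashlib.sha256(body).digest() == want:
        return "ok"
    # Known bytes still present but surrounded by extras: content was added.
    return "injected" if canary["body"] in body else "replaced"

def run_check(canary=CANARY, fetch=http_fetch):
    """Fetch the canary and return its verdict; `fetch` is swappable for tests."""
    return classify(canary, *fetch(canary["url"]))

def tampering_detected(verdict):
    """Verdicts that mean the response was altered or diverted in transit."""
    return verdict in {"redirected", "unexpected-status", "injected", "replaced"}

if __name__ == "__main__":
    # Constructed response simulating markup appended in transit.
    fake = lambda url: (200, url, CANARY["body"] + b"<script src=//ad.example/x.js></script>")
    verdict = run_check(fetch=fake)
    print(verdict, tampering_detected(verdict))
```

A verdict for which `tampering_detected` returns true is the point at which a wrapper would trigger one of the protective measures listed above, while `unreachable` is kept separate so that an ordinary outage does not raise an alarm.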