100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Cybersecurity

Man-in-the-Middle Attack

IntermediateConcept1.9K learners

A man-in-the-middle (MITM) attack occurs when an attacker secretly intercepts, and potentially alters, communication between two parties who believe they are communicating directly with each other.

Definition

A man-in-the-middle (MITM) attack occurs when an attacker secretly intercepts, and potentially alters, communication between two parties who believe they are communicating directly with each other.

Overview

MITM attacks position the attacker between a client and a server — for example, on an unsecured public Wi-Fi network, through DNS spoofing, or via a compromised router — so that traffic passes through the attacker before reaching its intended destination. Without protection, the attacker can read sensitive data such as login credentials, session tokens, or financial details, and in active variants can modify traffic in transit, such as injecting malicious content into a downloaded file. Transport Layer Security (TLS) is the primary defense: it encrypts traffic between client and server and uses certificates issued by a trusted Certificate Authority to verify the server's identity, making it extremely difficult for an attacker to intercept and decrypt traffic without detection. Common MITM techniques include ARP spoofing on local networks, rogue Wi-Fi access points, DNS spoofing, and SSL stripping (downgrading an HTTPS connection to plain HTTP). Defending against MITM is a core theme in Security & Networking Foundations, since it sits at the intersection of network design and cryptography.

Key Concepts

  • Attacker secretly relays and can alter communication between two trusting parties
  • Common vectors include ARP spoofing, rogue Wi-Fi, DNS spoofing, and SSL stripping
  • TLS/HTTPS with certificate validation is the primary defense
  • Can be passive (eavesdropping) or active (modifying traffic)
  • Public, unsecured Wi-Fi networks are especially vulnerable environments
  • VPNs add an encrypted tunnel that reduces MITM exposure on untrusted networks

Use Cases

Credential theft — intercepting login forms submitted over unencrypted connections
Session hijacking — capturing session cookies or tokens in transit
Financial fraud — altering payment details in an intercepted transaction
Corporate espionage — eavesdropping on unencrypted internal communications
Security testing — pentesters simulate MITM scenarios to validate encryption coverage

Frequently Asked Questions

From the Blog