Man-in-the-Middle (MitM)
Definition
A Man-in-the-Middle attack occurs when an attacker secretly intercepts and potentially alters communication between two parties who believe they are talking directly to each other. MitM attacks can be used to steal credentials, monitor sensitive data, or modify messages in transit, especially when traffic is unencrypted or trust is misconfigured.
Examples
- An attacker sets up a rogue Wi-Fi hotspot and captures login traffic from users who connect to it.
- A compromised network device performs SSL stripping or certificate tricks to observe web sessions.
Discover 🔎
When people think about hacking, they often imagine breaking into a server. MitM attacks are different. The attacker does not always need to break into either endpoint. Instead, they place themselves in the middle of a conversation. If they can see the traffic, they can steal information. If they can change the traffic, they can redirect victims, inject malicious content, or manipulate transactions.