Man-in-the-Middle (MitM)
What is Man-in-the-Middle (MitM)?
A Man-in-the-Middle attack occurs when an attacker secretly intercepts and potentially alters communication between two parties who believe they are talking directly to each other. MitM attacks can be used to steal credentials, monitor sensitive data, or modify messages in transit, especially when traffic is unencrypted or trust is misconfigured.
Examples
- An attacker sets up a rogue Wi-Fi hotspot and captures login traffic from users who connect to it.
- A compromised network device performs SSL stripping or presents a fraudulent certificate to observe web sessions that should have been protected by TLS.
Discover 🔎
When people think about hacking, they often imagine breaking into a server. MitM attacks are different. The attacker does not always need to break into either endpoint. Instead, they place themselves in the middle of a conversation. If they can see the traffic, they can steal information. If they can change the traffic, they can redirect victims, inject malicious content, or manipulate transactions.
Summary 📝
A Man-in-the-Middle attack occurs when an attacker intercepts communication between two parties and can observe or modify it. MitM is common on untrusted or compromised networks and can lead to credential theft, session hijacking, and traffic manipulation. Strong defenses include encryption in transit with proper certificate validation, VPN use on untrusted networks, secure Wi-Fi and network controls, and monitoring for suspicious DNS and certificate behavior.