Man-in-the-Middle Attack
What is Man-in-the-Middle Attack?
Man-in-the-Middle AttackAn attack in which an adversary secretly relays or alters communications between two parties who believe they are talking directly to each other.
A man-in-the-middle (MitM) attack places the attacker on the network path between two endpoints, allowing them to intercept, inspect, modify, or inject messages without either party knowing. Common positions are achieved through ARP spoofing on LANs, rogue Wi-Fi access points, BGP or DNS hijacking, malicious proxies, or compromised TLS interception devices. Goals include credential theft, session hijacking, fraudulent transaction manipulation, and downgrade attacks against weak encryption. Defences rely on strong, authenticated encryption (TLS with valid certificates, mTLS), HSTS, certificate pinning, DNSSEC and encrypted DNS, secure-by-default Wi-Fi (WPA3, 802.1X), and protocol hardening such as disabling legacy SSL/TLS versions.
● Examples
- 01
On an open café Wi-Fi, an attacker intercepts unencrypted HTTP traffic and replaces a software-update URL with a malicious binary.
- 02
BGP hijack redirects a payment-service prefix through an attacker-controlled ISP that performs TLS interception.
● Frequently asked questions
What is Man-in-the-Middle Attack?
An attack in which an adversary secretly relays or alters communications between two parties who believe they are talking directly to each other. It belongs to the Attacks & Threats category of cybersecurity.
What does Man-in-the-Middle Attack mean?
An attack in which an adversary secretly relays or alters communications between two parties who believe they are talking directly to each other.
How do you defend against Man-in-the-Middle Attack?
Defences for Man-in-the-Middle Attack typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Man-in-the-Middle Attack?
Common alternative names include: MitM attack, On-path attack.