Man-in-the-Middle Attack
Definition
A man-in-the-middle (MitM) attack is a cyberattack in which an attacker secretly positions themselves between two communicating parties to eavesdrop on, intercept or manipulate their traffic, without either party realising. Each victim believes they are communicating directly with the intended party, while in fact all communication routes through the attacker.
How does a MitM attack work?
The attacker intercepts communication by positioning themselves between the two parties using techniques such as ARP spoofing (manipulating address resolution on the local network), DNS spoofing (forging DNS responses), rogue Wi-Fi access points, SSL stripping (downgrading HTTPS connections to HTTP) and session hijacking (stealing session tokens).
Impact on organisations
MitM attacks can lead to theft of credentials, financial data and confidential communications. HTTPS and HSTS have reduced the effectiveness of some MitM techniques, but more advanced variants remain a risk.
Protection
Implement HTTPS everywhere with HSTS. Use certificate pinning for critical connections. Avoid public Wi-Fi without a VPN. Implement 802.1X for network access control. Monitor for ARP and DNS anomalies. Use end-to-end encryption for sensitive communications.
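As an added illustration of the "monitor for ARP anomalies" control (example code written for this page, not DEFION's tooling), the script below checks a constructed list of observed ARP replies for the two classic signs of ARP spoofing: an IP address whose MAC binding changes, and a single MAC answering for several IP addresses. The gateway address and all sample replies are assumed values, not real captures.

```python
from collections import defaultdict

# Constructed sample of ARP replies (time, sender IP, sender MAC) as a passive
# monitor on a LAN segment might record them. These are made-up values.
SAMPLE_ARP_REPLIES = [
    ("10:00:01", "192.168.1.1",  "aa:bb:cc:00:00:01"),  # gateway, legitimate
    ("10:00:02", "192.168.1.20", "aa:bb:cc:00:00:20"),
    ("10:00:03", "192.168.1.21", "aa:bb:cc:00:00:21"),
    ("10:05:10", "192.168.1.1",  "aa:bb:cc:00:00:21"),  # gateway IP now bound to .21's MAC
    ("10:05:11", "192.168.1.20", "aa:bb:cc:00:00:21"),  # same MAC also claims .20
]

GATEWAY_IP = "192.168.1.1"  # assumed gateway for this constructed segment


def detect_arp_anomalies(replies, gateway_ip=GATEWAY_IP):
    """Return alert strings for ARP-poisoning indicators in a reply sequence.

    Sign 1: an IP whose MAC binding changes (HIGH if it is the gateway).
    Sign 2: one MAC claiming more than one IP (HIGH if one is the gateway).
    """
    alerts = []
    ip_to_mac = {}                 # most recently seen MAC per IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed

    for ts, ip, mac in replies:
        mac = mac.lower()
        mac_to_ips[mac].add(ip)
        known = ip_to_mac.setdefault(ip, mac)
        if known != mac:
            severity = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append(f"{ts} {severity}: {ip} changed from {known} to {mac}")
            ip_to_mac[ip] = mac  # track latest binding so flapping is flagged again

    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            severity = "HIGH" if gateway_ip in ips else "MEDIUM"
            tag = " (includes gateway)" if gateway_ip in ips else ""
            alerts.append(f"{severity}: {mac} claims {len(ips)} IPs{tag}: "
                          + ", ".join(sorted(ips)))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(alert)
```

A real deployment would feed this from a passive capture or switch ARP tables and seed the gateway binding from a trusted inventory rather than from the first reply seen.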
How DEFION helps
DEFION tests MitM resilience as part of Internal Pentests and Wireless Pentests.