Man-in-the-Middle Attack
Definition
A man-in-the-middle attack (MitM) occurs when an attacker secretly intercepts and potentially manipulates communication between two parties, without either party realising.
In a MitM attack, the attacker positions themselves between two communicating parties, for example between a user and a web server. This allows the attacker to eavesdrop on traffic, steal credentials or manipulate communications.
Examples include ARP poisoning on local networks, SSL stripping (downgrading HTTPS to HTTP), rogue Wi-Fi access points and DNS spoofing. MitM attacks are effective on unsecured networks.
Defence consists of end-to-end encryption (TLS/HTTPS), certificate pinning, VPN use on public networks and network segmentation.
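On the detection side, ARP poisoning (listed among the examples above) usually shows up in a host's neighbour table as one MAC address answering for several IPs, or as the gateway's MAC changing between snapshots. The following is an added example, not part of the original entry; the `ip neigh` snapshots, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `ip neigh` snapshots (not real captures). In AFTER, the gateway
# 192.168.1.1 suddenly resolves to the MAC that belongs to host 192.168.1.23.
BEFORE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev eth0 lladdr de:ad:be:ef:00:01 STALE
192.168.1.40 dev eth0 lladdr 00:aa:bb:cc:dd:10 REACHABLE
"""
AFTER = """\
192.168.1.1 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.23 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.40 dev eth0 lladdr 00:aa:bb:cc:dd:10 STALE
192.168.1.77 dev eth0  FAILED
"""

# Entries without a resolved link-layer address (FAILED/INCOMPLETE) do not match.
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\s+\S+", re.M)

def parse_neigh(text):
    """Return {ip: mac} for entries that have a resolved link-layer address."""
    return {ip: mac.lower() for ip, _dev, mac in NEIGH_RE.findall(text)}

def shared_macs(table):
    """MACs answering for more than one IP, a common ARP-poisoning symptom."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def changed_bindings(old, new):
    """IPs whose MAC differs between snapshots, as {ip: (old_mac, new_mac)}."""
    return {ip: (old[ip], new[ip])
            for ip in old.keys() & new.keys() if old[ip] != new[ip]}

def audit(old_text, new_text, gateway):
    """Compare two snapshots and return human-readable alert strings."""
    old, new = parse_neigh(old_text), parse_neigh(new_text)
    alerts = [f"MAC {mac} claims multiple IPs: {', '.join(ips)}"
              for mac, ips in shared_macs(new).items()]
    for ip, (was, now) in sorted(changed_bindings(old, new).items()):
        tag = "GATEWAY " if ip == gateway else ""
        alerts.append(f"{tag}{ip} moved from {was} to {now}")
    return alerts

if __name__ == "__main__":
    for line in audit(BEFORE, AFTER, gateway="192.168.1.1"):
        print(line)
```

A shared MAC is a signal to investigate rather than proof: routers, proxy ARP and multi-homed hosts can legitimately answer for several IPs.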