Man-in-the-Middle Attack
Also known as: MITM, On-Path Attack, Adversary-in-the-Middle
Intercepts communication between two parties who believe they're talking directly. TLS encryption and certificate validation are the primary defenses.
In a MITM attack, the attacker positions themselves between two communicating parties — intercepting, reading, and potentially modifying traffic before forwarding it. Neither party realizes the communication is being intercepted.
Common attack scenarios
ARP spoofing — on a local network, the attacker sends falsified ARP packets associating their MAC address with a legitimate IP address (typically the default gateway). Traffic intended for the gateway flows through the attacker's machine instead.
DNS spoofing — the attacker corrupts DNS responses to direct traffic to a malicious server instead of the intended destination. Combined with a fake certificate, this can intercept HTTPS traffic.
Rogue Wi-Fi access points — the attacker creates a fake Wi-Fi network with a name similar to a legitimate one. Devices that connect have all their traffic routed through the attacker's infrastructure.
SSL stripping — the attacker intercepts an HTTPS request and proxies it as HTTP between themselves and the server, while maintaining HTTPS between themselves and the client. HSTS and certificate pinning prevent this.
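The ARP spoofing scenario above has a well-known detection signature: an IP address (especially the default gateway) whose advertised MAC address suddenly changes, or a single MAC address that starts answering for several IPs. The following is an added example, not code from the original page, that runs that check over a constructed list of observed ARP replies; the tuple layout and the severity labels are assumptions for illustration.

```python
"""Detect ARP cache-poisoning indicators in observed ARP replies.

Added example for illustration, not from the original page. The replies
below are constructed sample data, not a real capture.
"""
from collections import defaultdict

# Constructed sample: (timestamp, sender_ip, sender_mac) taken from ARP replies
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:bb:cc:dd:ee:01"),   # gateway, legitimate MAC
    (2.0, "192.168.1.20", "aa:bb:cc:dd:ee:20"),  # ordinary host
    (3.0, "192.168.1.1", "aa:bb:cc:dd:ee:01"),   # gateway again, unchanged
    (4.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # gateway now claimed by a new MAC
    (5.0, "192.168.1.20", "de:ad:be:ef:00:99"),  # same new MAC also claims the host
]


def detect_arp_spoofing(replies, gateway_ip=None):
    """Return a list of alert strings for the given ARP replies.

    Two indicators are checked:
    1. An IP whose sender MAC differs from the one first learned for it
       (the classic poisoning signature; rated HIGH when it is the gateway).
    2. One MAC address claiming more than one IP address (rated LOW, since
       some legitimate setups, such as routers with aliases, also do this).
    The first-learned MAC is kept as the baseline so that later legitimate
    replies from the real owner are not themselves flagged.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        known_mac = ip_to_mac.get(ip)
        if known_mac is None:
            ip_to_mac[ip] = mac
        elif known_mac != mac:
            severity = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append(
                f"[{severity}] t={ts}: {ip} changed from {known_mac} to {mac}"
            )
        # Only alert when a MAC's set of claimed IPs actually grows.
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append(
                    f"[LOW] t={ts}: {mac} claims {sorted(mac_to_ips[mac])}"
                )
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES, gateway_ip="192.168.1.1"):
        print(alert)
```

On the sample data the gateway change at t=4.0 produces a HIGH alert, the host takeover at t=5.0 a MEDIUM alert, and the second IP claimed by the new MAC a LOW alert. In practice the same logic is fed from a passive ARP monitor (or switch port-security logs), and the gateway's real MAC is configured statically rather than learned.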
Defense
TLS with valid certificates is the primary defense — it ensures you're actually talking to the server you intend to, and encrypts the traffic even if it's intercepted. HSTS prevents SSL stripping. Certificate pinning in applications prevents fraudulent certificates. For network-level attacks, 802.1X prevents rogue devices from joining your network, and VPN encryption protects traffic even on untrusted networks.
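HSTS is named above as the defense against SSL stripping, and the mechanism is entirely client-side: once a host has delivered a Strict-Transport-Security header over TLS, the client rewrites any plain-HTTP request to that host to HTTPS before it leaves, so there is no cleartext leg for an on-path attacker to work with. The following is an added example, not code from the original page, of such a policy store along the lines of RFC 6797; the class and method names are my own, and the host names and header values are constructed.

```python
"""Minimal HSTS policy store showing how a client defeats SSL stripping.

Added example, not from the original page. Mirrors the core RFC 6797 rules:
a policy is accepted only when received over a secure connection, a
max-age of 0 removes it, includeSubDomains extends it to child labels, and
a plain-HTTP URL to a known host is rewritten to HTTPS before any request.
"""
from urllib.parse import urlsplit, urlunsplit


class HstsStore:
    def __init__(self):
        # host -> (expires_at_epoch_seconds, include_subdomains)
        self._policies = {}

    def process_header(self, host, header_value, received_over_tls, now):
        """Record the Strict-Transport-Security header for host.

        Returns True if the header was accepted (stored or removed a policy).
        """
        if not received_over_tls:
            # RFC 6797 section 8.1: the header is ignored on insecure transport,
            # otherwise an on-path attacker could inject bogus policies.
            return False
        max_age = None
        include_subdomains = False
        for directive in header_value.split(";"):
            name, _, value = directive.strip().partition("=")
            name = name.strip().lower()
            value = value.strip().strip('"')
            if name == "max-age":
                if not value.isdigit():
                    return False  # malformed directive: reject whole header
                max_age = int(value)
            elif name == "includesubdomains":
                include_subdomains = True
        if max_age is None:
            return False  # max-age is required
        host = host.lower()
        if max_age == 0:
            self._policies.pop(host, None)  # explicit removal of the policy
            return True
        self._policies[host] = (now + max_age, include_subdomains)
        return True

    def is_known_host(self, host, now):
        """True if host, or a parent with includeSubDomains, has an unexpired policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            policy = self._policies.get(candidate)
            if policy is None:
                continue
            expires_at, include_subdomains = policy
            if now >= expires_at:
                continue
            if i == 0 or include_subdomains:
                return True
        return False

    def rewrite_url(self, url, now):
        """Upgrade an http:// URL to https:// if the host is a known HSTS host."""
        parts = urlsplit(url)
        if parts.scheme != "http":
            return url
        host = parts.hostname or ""
        if not self.is_known_host(host, now):
            return url
        # Port 80 maps to the default HTTPS port; any other port is kept as-is.
        netloc = host if parts.port in (None, 80) else f"{host}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    store = HstsStore()
    store.process_header("example.com", "max-age=31536000; includeSubDomains",
                         received_over_tls=True, now=1000)
    print(store.rewrite_url("http://example.com/login", now=1000))
```

The store rejects a header seen over plain HTTP, which is exactly the position an attacker performing stripping would be in, and it never forgets a host before max-age expires, so a later plain-HTTP attempt is upgraded locally rather than sent. Browsers additionally ship a preload list so that even the first visit is protected; this example covers only the dynamic policy path.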