A Man-in-the-Middle (MITM) attack occurs when an attacker secretly positions themselves between two communicating parties - intercepting, reading, and potentially altering messages without either party knowing.
How MITM Attacks Work
- The attacker places themselves on the communication path (e.g., by running a rogue Wi-Fi hotspot).
- Traffic flows through the attacker's system to the real destination.
- The attacker reads and may modify the traffic before passing it on.
- Both victim and server believe they are communicating directly with each other.
Common MITM Attack Vectors
| Attack Vector | Description |
|---|---|
| Rogue Wi-Fi hotspot | Attacker runs an access point with a legitimate-looking name (often the same SSID as the venue's real network); every device that joins sends its traffic through the attacker's gateway |
| ARP spoofing | Attacker sends forged ARP replies on the local network so victims map the gateway's IP address to the attacker's MAC address (and usually the reverse for the gateway), redirecting LAN traffic through the attacker's machine |
| DNS spoofing | Attacker answers DNS queries with forged records, or poisons a resolver's cache, so a domain resolves to an attacker-controlled server |
| SSL stripping (HTTPS downgrade) | Attacker keeps the victim's side of the connection on plain HTTP by rewriting HTTPS links and redirects, while talking HTTPS to the real server, so the victim's traffic is exposed in cleartext |
| BGP hijacking | Attacker-controlled ASN announces a victim's IP prefix (often a more-specific one) so that routers across the internet forward traffic for that prefix through the attacker's network |
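ARP spoofing is the vector most easily caught from the victim's side of the network, because it leaves a distinctive trace: an IP address whose MAC changes mid-capture, and one MAC answering for the gateway and other hosts at once. The following detector is an added example, not code from the original page; it runs over a constructed list of ARP replies (the `ArpReply` records and the `192.168.1.x` addresses are made up for the demonstration) rather than a live capture, but the same rules apply to replies pulled from a pcap.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One ARP reply as seen on the wire: who claims which IP, and when."""
    ts: float          # seconds since capture start
    sender_ip: str     # protocol address being claimed
    sender_mac: str    # hardware address claiming it


# Constructed sample capture (not real traffic). 192.168.1.1 is the gateway;
# de:ad:be:ef:00:99 is the attacker, who at t=2.0 starts poisoning both sides.
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(0.5, "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(2.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # attacker claims the gateway
    ArpReply(2.1, "192.168.1.20", "de:ad:be:ef:00:99"),  # and the victim host
]


def detect_arp_spoofing(replies, gateway_ip=None, max_ips_per_mac=3):
    """Scan ARP replies in time order and flag the patterns a poisoning attack produces.

    Returns a list of (severity, message) tuples. Rules:
      1. An IP whose claiming MAC changes mid-capture (high severity if it is the gateway).
      2. A MAC that answers for the gateway *and* other hosts (two-sided poisoning).
      3. A MAC that answers for more than max_ips_per_mac distinct IPs.
    """
    last_mac = {}                   # ip -> MAC most recently seen claiming it
    ips_by_mac = defaultdict(set)   # mac -> set of IPs it has claimed
    flagged_macs = set()            # report rules 2/3 once per MAC
    alerts = []

    for r in sorted(replies, key=lambda x: x.ts):
        ip, mac = r.sender_ip, r.sender_mac.lower()

        # Rule 1: the binding for this IP moved to a different hardware address.
        prev = last_mac.get(ip)
        if prev is not None and prev != mac:
            severity = "high" if ip == gateway_ip else "medium"
            alerts.append((severity, f"t={r.ts}: {ip} changed from {prev} to {mac}"))
        last_mac[ip] = mac

        # Rules 2 and 3: one hardware address speaking for too many IPs.
        ips_by_mac[mac].add(ip)
        claimed = ips_by_mac[mac]
        if mac not in flagged_macs:
            if gateway_ip in claimed and len(claimed) > 1:
                flagged_macs.add(mac)
                alerts.append(("high", f"t={r.ts}: {mac} answers for gateway {gateway_ip} "
                                       f"and {len(claimed) - 1} other host(s)"))
            elif len(claimed) > max_ips_per_mac:
                flagged_macs.add(mac)
                alerts.append(("medium", f"t={r.ts}: {mac} answers for {len(claimed)} IPs"))
    return alerts


if __name__ == "__main__":
    for severity, message in detect_arp_spoofing(SAMPLE_REPLIES, gateway_ip="192.168.1.1"):
        print(f"[{severity}] {message}")
```

On the sample above the detector raises three alerts: the gateway binding moving to the attacker's MAC, the victim's binding moving, and the attacker's MAC answering for both. Rule 1 on its own also fires on legitimate events such as a replaced router or a DHCP lease handed to a new device, so in production it is the combination with rule 2 that is worth paging on.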
How HTTPS Prevents MITM
HTTPS uses TLS certificate validation. When your browser connects to a bank site, it checks that the server's certificate chains to a certificate authority (CA) in its trust store and that the certificate's name matches the domain in the URL; the TLS handshake then ties the session keys to the private key behind that certificate. An attacker in the middle who does not hold the site's private key has to present a certificate of their own, and it fails one of those checks: either it was not issued by a trusted CA or it is for a different name. The browser shows a certificate warning and refuses to connect, and the attacker sees only encrypted traffic.
Three caveats matter in practice. The protection depends on the user not clicking through the warning. SSL stripping sidesteps the check entirely by never letting the client start TLS, which is why sites should send HSTS (HTTP Strict-Transport-Security) so browsers refuse plain HTTP for them. And an attacker who can obtain a certificate from a CA the client trusts (a compromised CA, or an interception root installed on a managed device) passes validation; certificate pinning and Certificate Transparency monitoring exist to catch that case.
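The "matches the domain" check above has more rules than it looks: matching is case-insensitive, a wildcard is only honoured as the whole leftmost label, and a wildcard never spans a dot. The code below is an added example (not from the original page) that implements those RFC 6125 name-matching rules over a certificate's dNSName subjectAltName list, and wraps them in the two-step decision a client makes. The `cert` dictionary with its `chain_trusted` flag is a constructed stand-in for chain validation, which real clients perform by building a path to a root in their trust store; the bank and attacker hostnames are invented.

```python
def _is_valid_wildcard(pattern_labels):
    """A wildcard is only honoured as a bare '*' in the leftmost label, with at least
    two labels after it (so '*.example' matches nothing), and no other '*' anywhere."""
    return (
        len(pattern_labels) >= 3
        and pattern_labels[0] == "*"
        and not any("*" in lbl for lbl in pattern_labels[1:])
    )


def hostname_matches_san(hostname, san_dns_names):
    """Return True if hostname matches one of the certificate's dNSName SAN entries.

    Comparison is case-insensitive and label-by-label; '*.bank.example' matches
    'www.bank.example' but not 'bank.example' or 'a.b.bank.example'. The legacy
    commonName field is deliberately ignored, as modern browsers do.
    """
    host_labels = hostname.rstrip(".").lower().split(".")
    if any(lbl == "" for lbl in host_labels):
        return False                      # empty label: malformed name, never matches
    for name in san_dns_names:
        pat_labels = name.rstrip(".").lower().split(".")
        if len(pat_labels) != len(host_labels):
            continue                      # a wildcard never covers extra labels
        if "*" not in name:
            if pat_labels == host_labels:
                return True
        elif _is_valid_wildcard(pat_labels) and pat_labels[1:] == host_labels[1:]:
            return True
    return False


def check_server_identity(hostname, cert):
    """Mirror the two checks a browser makes before trusting a TLS server.

    `cert` is a constructed stand-in: {'san': [dNSNames], 'chain_trusted': bool}.
    Real clients derive chain_trusted by validating the chain to a trusted root.
    """
    if not cert["chain_trusted"]:
        return "untrusted issuer"         # self-signed or unknown CA: the usual MITM failure
    if not hostname_matches_san(hostname, cert["san"]):
        return "hostname mismatch"        # genuine cert, but issued for a different site
    return "ok"


# Constructed scenarios: what a browser sees with and without an attacker in the path.
SCENARIOS = {
    "genuine bank cert":          {"san": ["bank.example", "www.bank.example"], "chain_trusted": True},
    "attacker self-signed cert":  {"san": ["www.bank.example"], "chain_trusted": False},
    "attacker's own valid cert":  {"san": ["login.evil.example"], "chain_trusted": True},
    "bank wildcard cert":         {"san": ["*.bank.example"], "chain_trusted": True},
}


def evaluate_scenarios(hostname="www.bank.example"):
    """Return {scenario name: verdict} for the constructed certificates above."""
    return {name: check_server_identity(hostname, cert) for name, cert in SCENARIOS.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_scenarios().items():
        print(f"{name:28s} -> {verdict}")
```

The two attacker rows show why an active MITM normally fails: a self-signed certificate is rejected before the name is even looked at, and a certificate the attacker legitimately obtained for a domain they control is rejected on the name check. Only a trusted-CA certificate for the victim's own domain passes both, which is the case the caveats above are about.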
How VPNs Help
A VPN creates an encrypted tunnel from your device to a VPN server. Traffic is encrypted before it leaves your device, so an attacker on the local network (a rogue hotspot, an ARP spoofer) sees only encrypted gibberish and cannot even tell which sites you visit. The protection ends at the VPN server: the VPN provider, and anyone positioned between the VPN exit and the destination, sees whatever the tunnel carried, so a VPN complements HTTPS rather than replacing it. VPN clients can also leak around the tunnel (DNS queries sent to the local resolver, or traffic sent before the tunnel comes up), which is what a VPN leak test checks for.
People Also Ask
- What is the most common security risk associated with public Wi-Fi?
- MITM attacks and rogue hotspots. Attackers set up fake Wi-Fi networks that look legitimate, then intercept unencrypted traffic from devices that connect.