
MitM (Man-in-the-Middle)

An abbreviated term for man-in-the-middle attacks, where an attacker intercepts communication between two parties.

MitM (Man-in-the-Middle) is the commonly used abbreviation for man-in-the-middle attacks, a class of network attacks in which an adversary intercepts, and potentially modifies, communication between two parties without their knowledge. The abbreviation and the full term are used interchangeably in security literature, vulnerability reports, and threat assessments.

How It Works

A MitM attack requires the adversary to insert themselves into the communication path between a client and server. This positioning can be achieved at multiple network layers. At the link layer, ARP spoofing and rogue access points redirect local traffic. At the network layer, DNS poisoning and BGP hijacking divert traffic at larger scales. At the application layer, SSL stripping and proxy-based interception target encrypted sessions.

Once positioned, the attacker operates as an invisible relay. Traffic from the client is intercepted, inspected, and forwarded to the server. Responses from the server pass back through the attacker to the client. Neither party detects the intermediary because the attacker maintains what appear to be legitimate connections with both sides.

The practical impact depends on whether the communication is encrypted and whether the encryption is properly validated. Unencrypted HTTP traffic can be read and modified trivially. HTTPS traffic is protected in transit, but MitM attackers can exploit certificate validation weaknesses, present fraudulent certificates to users who ignore browser warnings, or use SSL stripping to downgrade connections before encryption is established.
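To make the link-layer positioning described above concrete from the defender's side, here is a small detector for the ARP cache poisoning an attacker uses to become the relay between a host and its gateway. This is example code written for this entry, not code from the original page; every address and timestamp in the sample is constructed.

```python
"""Flag ARP replies that re-point an IP at a new MAC (ARP cache poisoning)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float        # seconds since start of the capture window
    sender_ip: str   # IP address the sender claims to own
    sender_mac: str  # hardware address in the ARP sender field


def detect_arp_spoofing(replies, gateway_ip):
    """Return alerts as (ts, kind, ip, mac) tuples, oldest first.

    The first MAC seen for each IP is treated as the legitimate binding; a
    production monitor would seed this from a known-good table or DHCP
    leases rather than trusting first sight.
    """
    trusted = {}                 # ip -> first MAC observed for it
    claimed = defaultdict(set)   # mac -> IPs that MAC has answered for
    alerts = []
    for r in sorted(replies, key=lambda r: r.ts):
        mac = r.sender_mac.lower()
        # A different MAC answering for an already-known IP is the classic
        # poisoning signature; the gateway is the prime target.
        prev = trusted.setdefault(r.sender_ip, mac)
        if prev != mac:
            kind = "gateway_rebind" if r.sender_ip == gateway_ip else "rebind"
            alerts.append((r.ts, kind, r.sender_ip, mac))
        # Bidirectional MitM: one MAC claims both the gateway and a host, so
        # each side's ARP cache points at the attacker. Emitted once, when the
        # second IP appears (a multi-homed gateway would also trigger this).
        claimed[mac].add(r.sender_ip)
        if gateway_ip in claimed[mac] and len(claimed[mac]) == 2:
            alerts.append((r.ts, "dual_claim", r.sender_ip, mac))
    return alerts


SAMPLE_REPLIES = [  # constructed data, not from a real capture
    ArpReply(0.0, "192.168.1.1",  "aa:bb:cc:dd:ee:01"),  # real gateway
    ArpReply(0.5, "192.168.1.20", "aa:bb:cc:dd:ee:20"),  # victim workstation
    ArpReply(1.0, "192.168.1.30", "aa:bb:cc:dd:ee:30"),  # unrelated host
    ArpReply(5.0, "192.168.1.1",  "DE:AD:BE:EF:00:99"),  # attacker poisons victim
    ArpReply(5.1, "192.168.1.20", "de:ad:be:ef:00:99"),  # attacker poisons gateway
    ArpReply(9.0, "192.168.1.30", "aa:bb:cc:dd:ee:30"),  # benign repeat, no alert
]

if __name__ == "__main__":
    for ts, kind, ip, mac in detect_arp_spoofing(SAMPLE_REPLIES, "192.168.1.1"):
        print(f"t={ts:4.1f}s {kind:15} {ip:14} now answered by {mac}")
```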

Real-World Applications

MitM techniques are used in both offensive and defensive contexts. Security researchers use them to analyze application traffic during penetration testing by proxying connections through interception software. Attackers use them on public Wi-Fi networks to harvest credentials from unencrypted connections. Nation-state actors have used BGP hijacking for large-scale traffic interception.

Why It Matters

MitM attacks threaten the fundamental guarantees of secure communication — confidentiality, integrity, and authenticity. Understanding MitM positioning techniques and defenses is essential for designing systems that protect data in transit and for testing whether those protections hold up in practice.
