Man-in-the-Middle Attack (MitM)
An attack in which the attacker secretly intercepts and potentially alters communications between two parties who each believe they are talking directly to the other.
Also known as: MitM, adversary-in-the-middle (AitM), on-path attack, interception attack
Last reviewed: 10 June 2026
In a man-in-the-middle attack, the attacker positions themselves in the communication path between a victim and a legitimate service — such as a bank's website, an email server, or a messaging app. The attacker can silently read all traffic (eavesdropping), modify messages or transaction amounts in transit, or replay captured authentication tokens to impersonate the victim.
Common MitM techniques include ARP poisoning on local networks (forging ARP replies so that hosts send traffic meant for the gateway, or for each other, to the attacker's MAC address), rogue Wi-Fi hotspots that mimic legitimate ones, DNS spoofing, and SSL stripping, in which the attacker holds the real TLS session to the server but relays the page to the victim over plain HTTP with every https:// link rewritten to http://. Public and unsecured Wi-Fi networks are particularly high-risk environments because any device on the same network can attempt these attacks.
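The ARP-poisoning pattern above is easy to spot on the wire once you know what to look for: the gateway's IP suddenly answers from a new MAC, and one MAC starts answering for more than one IP. The following detector is an added example written for this entry, not code from any referenced tool; it parses reply lines in the shape that `tcpdump -n arp` prints, and the addresses and log lines are constructed for illustration.

```python
"""Flag ARP cache poisoning in a stream of ARP replies.

Added example for this glossary entry, not code from any referenced tool.
The log lines are constructed in the shape `tcpdump -n arp` prints for
replies; the addresses are made up.
"""
import re
from collections import defaultdict

# Matches e.g. "12:00:01.000400 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28"
ARP_REPLY = re.compile(
    r"ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)


def parse_arp_replies(lines):
    """Yield (sender_ip, sender_mac) for each reply line; requests are ignored."""
    for line in lines:
        m = ARP_REPLY.search(line)
        if m:
            yield m.group("ip"), m.group("mac").lower()


def detect_arp_poisoning(replies, gateway_ip):
    """Return alert strings for two poisoning signals:
      1. an IP previously announced from one MAC is now announced from another
         (gateway impersonation if that IP is the gateway);
      2. one MAC announcing itself as the sender for more than one IP
         (the attacker claims both ends to poison both caches at once).
    Caveat: VRRP/HSRP failover and hosts with several addresses on one
    interface trigger these legitimately, so treat alerts as leads, not proof.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    multi_ip_reported = set()
    alerts = []
    for ip, mac in replies:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            tag = "GATEWAY " if ip == gateway_ip else ""
            alerts.append(f"{tag}MAC change for {ip}: {prev} -> {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1 and mac not in multi_ip_reported:
            multi_ip_reported.add(mac)
            alerts.append(f"{mac} claims multiple IPs: {sorted(mac_to_ips[mac])}")
    return alerts


# Constructed sample: a legitimate gateway/host exchange, then an attacker
# (de:ad:be:ef:00:99) claiming both the gateway and the victim address.
SAMPLE_LOG = [
    "12:00:01.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28",
    "12:00:01.000400 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28",
    "12:00:02.000000 ARP, Reply 192.168.1.50 is-at aa:bb:cc:00:00:50, length 28",
    "12:00:05.000000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28",
    "12:00:05.000200 ARP, Reply 192.168.1.50 is-at de:ad:be:ef:00:99, length 28",
]

if __name__ == "__main__":
    for alert in detect_arp_poisoning(parse_arp_replies(SAMPLE_LOG), "192.168.1.1"):
        print(alert)
```

Run against the sample it raises three alerts: the gateway's MAC change, the victim's MAC change, and the attacker's MAC claiming both addresses. In production the same logic belongs on a switch with dynamic ARP inspection or in a sensor such as arpwatch; the point here is what the signal looks like.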
Always check for a valid HTTPS connection before entering sensitive data, and never click through a certificate warning. Note what the padlock does and does not tell you: it confirms that the browser holds a TLS connection to a certificate trusted for the hostname in the address bar, so a lookalike domain with its own valid certificate shows the same padlock, and the hostname itself must be checked. Sites that send an HTTP Strict-Transport-Security header make the browser refuse plaintext connections to them on later visits, which defeats SSL stripping for returning users. Avoid conducting financial transactions over public Wi-Fi; if necessary, use a trusted VPN, bearing in mind that this moves the interception risk to the VPN provider rather than removing it.
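To make the SSL-stripping mechanism and the HSTS defence concrete, here is an added example (written for this entry, not code from any browser or tool) that models the attacker's rewrite and the browser's HSTS store. The page fragment, header values and host names are constructed; the HSTS parsing follows RFC 6797 but is deliberately minimal.

```python
"""SSL stripping versus HSTS: an added example for this glossary entry.
The page body, header values and host names below are constructed, not captured."""
import re
from urllib.parse import urlsplit, urlunsplit

HTTPS_REF = re.compile(r"https://", re.IGNORECASE)


def strip_ssl(html_body):
    """Attacker side: the on-path proxy keeps a real TLS session to the server
    but relays the page to the victim over plaintext, rewriting every https://
    reference to http:// so the victim's next request also arrives in clear."""
    return HTTPS_REF.sub("http://", html_body)


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value (RFC 6797) into
    (max_age_seconds, include_subdomains). Returns None if max-age is absent
    or malformed, in which case the browser ignores the header."""
    max_age = None
    include_sub = False
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(value.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None
    return max_age, include_sub


class HstsStore:
    """Browser side: hosts that have asked to be contacted only over TLS.
    Expiry by max-age is omitted here; only presence and includeSubDomains
    are tracked."""

    def __init__(self):
        self._hosts = {}  # host -> include_subdomains

    def record(self, host, header_value):
        """Remember an HSTS header received over a clean HTTPS response."""
        parsed = parse_hsts(header_value)
        if parsed is None:
            return
        max_age, include_sub = parsed
        if max_age == 0:  # max-age=0 tells the browser to forget this host
            self._hosts.pop(host.lower(), None)
        else:
            self._hosts[host.lower()] = include_sub

    def is_known(self, host):
        host = host.lower()
        if host in self._hosts:
            return True
        # includeSubDomains: a flagged parent domain covers this host too
        parts = host.split(".")
        for i in range(1, len(parts)):
            if self._hosts.get(".".join(parts[i:])):
                return True
        return False

    def url_to_request(self, url):
        """The URL the browser will actually fetch: http:// is upgraded to
        https:// internally for known hosts, so a stripped link never causes
        a plaintext request and the attacker never sees the next hop."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname or ""):
            return urlunsplit(("https",) + tuple(parts[1:]))
        return url


if __name__ == "__main__":
    page = '<a href="https://bank.example/login">Log in</a>'
    stripped = strip_ssl(page)
    store = HstsStore()
    # First ever visit over a hostile network: nothing is known, the stripped
    # link is followed in plaintext (the trust-on-first-use gap HSTS preload closes).
    print(store.url_to_request("http://bank.example/login"))
    # After one clean HTTPS visit the header is remembered and stripping fails.
    store.record("bank.example", "max-age=31536000; includeSubDomains")
    print(store.url_to_request("http://bank.example/login"))
```

The first navigation shows the limit of HSTS: it only protects hosts the browser has already seen over a clean HTTPS connection (or that are on the browser's preload list), which is why a rogue hotspot on a first visit is still dangerous.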
Examples
- An attacker sets up a hotspot named 'Airport Free WiFi'; users who connect have all their traffic relayed through the attacker's device, which can log anything sent in plaintext and attempt downgrade attacks on the rest.
- ARP poisoning on a corporate LAN redirects traffic between two colleagues through an attacker's machine.