
What Is a Man-in-the-Middle Attack? Eavesdropping on Your Connection

mitm security attack encryption ssl

A Man-in-the-Middle (MITM) attack is a cyberattack where the attacker secretly intercepts and potentially alters communication between two parties who believe they’re communicating directly with each other. The attacker positions themselves between you and the server (or between you and another person) and can read, modify, inject, or redirect the data flowing through. It’s like someone secretly opening your mail, reading it, possibly changing the contents, resealing it, and delivering it to the recipient who has no idea it was tampered with.

How MITM Attacks Work

On Public Wi-Fi

The classic scenario. An attacker on the same Wi-Fi network (coffee shop, hotel, airport) uses techniques like ARP spoofing to redirect other users’ traffic through their device:

  1. Attacker sends fake ARP messages to your device: “I’m the router”
  2. Attacker sends fake ARP messages to the router: “I’m user’s device”
  3. All your traffic now flows through the attacker’s machine
  4. Attacker reads/modifies unencrypted traffic and forwards it along
  5. Neither you nor the router realizes there’s an intermediary

This is why public Wi-Fi without a VPN is risky for any unencrypted traffic.
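As an added example (not code from the original article), here is a small Python monitor that takes the defender's view of the steps above: it records each IP-to-MAC binding it sees in ARP replies and raises an alert when a known address, the gateway in particular, suddenly claims a different MAC, or when one MAC starts answering for several IPs. The addresses, MACs and the ArpReply/ArpMonitor names are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class ArpReply:
    """One observed ARP reply: 'sender_ip is at sender_mac'."""
    sender_ip: str
    sender_mac: str

@dataclass
class ArpMonitor:
    """Keeps the IP-to-MAC bindings seen so far and flags replies that rewrite them."""
    gateway_ip: str
    bindings: dict = field(default_factory=dict)

    def observe(self, reply: ArpReply) -> Optional[str]:
        ip, mac = reply.sender_ip, reply.sender_mac.lower()
        prev = self.bindings.get(ip)
        if prev is None or prev == mac:
            self.bindings[ip] = mac  # first sighting, or consistent with history
            return None
        # The IP now claims a different MAC: a genuine hardware change or a spoof.
        # A MAC that already answers for other IPs is the two-sided poisoning
        # pattern from the list above (one box posing as gateway and as victim).
        others = sorted(i for i, m in self.bindings.items() if m == mac and i != ip)
        self.bindings[ip] = mac
        label = "gateway" if ip == self.gateway_ip else "host"
        alert = f"{label} {ip} moved from {prev} to {mac}"
        if others:
            alert += f" (MAC already claims {', '.join(others)})"
        return alert

def scan(replies, gateway_ip: str) -> list:
    """Feed replies through a fresh monitor and return the alerts raised, in order."""
    mon = ArpMonitor(gateway_ip)
    return [a for a in map(mon.observe, replies) if a]

# Constructed sample capture: legitimate bindings first, then a third host
# (aa:...:33) starts answering ARP for both the gateway and another user.
SAMPLE_REPLIES = [
    ArpReply("192.168.1.1", "aa:aa:aa:aa:aa:01"),   # real gateway
    ArpReply("192.168.1.20", "aa:aa:aa:aa:aa:20"),  # ordinary user
    ArpReply("192.168.1.33", "aa:aa:aa:aa:aa:33"),  # third host, own address
    ArpReply("192.168.1.1", "AA:AA:AA:AA:AA:33"),   # "I'm the router"
    ArpReply("192.168.1.20", "aa:aa:aa:aa:aa:33"),  # "I'm user's device"
]

if __name__ == "__main__":
    for line in scan(SAMPLE_REPLIES, gateway_ip="192.168.1.1"):
        print("ALERT:", line)
```

A real deployment would feed the monitor from a capture of ARP replies on the interface; a legitimate change (router hardware replaced) produces the same first alert, so the "already claims" variant is the stronger signal.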

SSL Stripping

The attacker downgrades your HTTPS connection to HTTP. You type yourbank.com, your browser sends its first request over plain HTTP, the attacker intercepts the server's redirect from HTTP to HTTPS, communicates with the bank over HTTPS, and serves you the content over HTTP.

Your browser shows an HTTP connection (no padlock) while the attacker has full access to your traffic. HSTS headers and browser preload lists defend against this: once a browser has seen a site's HSTS policy, or the domain is on the preload list, it refuses to connect to that site over HTTP at all, so there is no plaintext request to intercept. That is why HSTS configuration matters.

Rogue Access Points

Set up a Wi-Fi network named “Starbucks Free WiFi” near a Starbucks. People connect thinking it’s the cafe’s network. All their traffic now passes through your device. This is trivially easy to set up and surprisingly effective.

DNS Spoofing

Redirect DNS queries to resolve yourbank.com to the attacker’s server instead of the real one. Combined with a convincing fake website, users enter credentials without realizing they’re on the wrong server.

Defenses

  • Always use HTTPS (and watch for warnings about invalid certificates)
  • Enable HSTS on your websites (prevents SSL stripping)
  • Use a VPN on untrusted networks
  • Verify certificates when you get browser security warnings (don’t click through them)
  • Use DNS over HTTPS to prevent DNS spoofing
  • Certificate pinning in apps (stores expected certificates, rejects substitutes)

Test It Yourself

Check HTTPS Security

Verify any website's TLS configuration, HSTS headers, and certificate chain.


Frequently Asked Questions

Yes, assuming the certificate is legitimate. HTTPS with TLS encrypts traffic between your browser and the server and verifies the server's identity through certificates. An attacker in the middle can't decrypt the traffic without the server's private key, and can't present a fake certificate without your browser showing a warning.

A VPN prevents local MITM attacks (on Wi-Fi, at ISP level) by encrypting all traffic between your device and the VPN server. But it doesn't protect against MITM between the VPN server and the destination.