A man-in-the-middle (MITM) attack occurs when an attacker secretly positions themselves between two communicating parties, intercepting and potentially modifying their communications without either party's knowledge.
The name describes the attack precisely: the attacker is the "man in the middle" — receiving your communications, potentially reading or altering them, then forwarding them to the intended recipient. Both parties believe they are communicating directly with each other.
How MITM Attacks Work
Network-Level MITM:
The attacker gains a position on the network between you and the server you are communicating with. Common methods include:
- ARP spoofing on local networks (attacker associates their MAC address with a legitimate IP)
- DNS spoofing (attacker redirects domain queries to malicious servers)
- Rogue Wi-Fi access points (attacker creates a fake network you connect to)
- BGP hijacking (large-scale attack redirecting internet routing)
SSL Stripping
The attacker intercepts your request for an HTTPS site and downgrades your side of the connection to plain HTTP while keeping an encrypted connection to the real server, so the data you send crosses the network unencrypted and can be read or altered in transit.
Session Hijacking
The attacker captures your session cookie (used to maintain your logged-in state) and uses it to impersonate you to the server.
Email MITM
Attackers intercept email communications and may modify bank account details in financial correspondence or insert malicious links.
MITM Attack Scenarios in Practice
Public Wi-Fi attacks: An attacker on the same network uses ARP spoofing to position themselves between you and the router, intercepting all your traffic.
Evil twin attacks: An attacker creates a Wi-Fi network named identically to a legitimate network (coffee shop Wi-Fi). You connect to the attacker's network instead.
HTTPS spoofing: An attacker registers a lookalike domain and obtains a valid SSL certificate for that domain, so the padlock appears. You see HTTPS, but you are connected to the attacker's server, not the site you intended.
How to Protect Against MITM Attacks
Use HTTPS exclusively
Enable HTTPS-only mode in your browser. Never proceed past HTTPS warnings. HTTPS encrypts communications and verifies server identity through certificates.
Verify certificate details
For sensitive sites, verify the SSL certificate details by clicking the padlock icon. The certificate should be issued for the exact domain you intended to visit and, where the site uses an organization-validated certificate, to the expected organization.
Use a VPN on public networks
A VPN encrypts all traffic between your device and the VPN server, preventing network-level eavesdropping on public Wi-Fi.
Be cautious of unverified Wi-Fi
Verify the exact network name with venue staff before connecting. Disconnect from unknown networks.
Rely on HSTS preloading
Modern browsers ship an HSTS (HTTP Strict Transport Security) preload list of sites that must only be reached over HTTPS. For a site on that list the browser refuses to make a plain-HTTP connection at all, which prevents SSL stripping even on your first visit.
Use certificate pinning applications
Many banking and financial apps use certificate pinning — they only accept connections using their specific certificate, preventing impersonation.
How MITM Relates to Email and Temp90
MITM attacks on email typically target login credentials — capturing your username and password during authentication. Two-factor authentication provides critical protection: even if credentials are captured, the attacker cannot log in without the second factor.
Using Temp90 for registrations on unfamiliar sites reduces the risk of entering real credentials on potentially compromised platforms.
Frequently Asked Questions
Can HTTPS be compromised in a MITM attack?
Properly implemented HTTPS with certificate validation is highly resistant to MITM. Attacks that succeed against HTTPS typically exploit user behavior (ignoring certificate warnings, accepting fake certificates) rather than breaking the cryptography.
Is public Wi-Fi always dangerous?
Public Wi-Fi risks are real but manageable. Use HTTPS-only browsing and a VPN on public networks, and avoid accessing sensitive accounts without these protections. With these measures, public Wi-Fi is reasonably safe for most use cases.
How do I know if I am being MITMed?
Browser certificate warnings are the most visible indicator. Unusual SSL certificate details (wrong issuer, domain mismatch) suggest MITM. Network-level attacks may be invisible without specialized monitoring tools.
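The ARP spoofing described under the network-level methods and public Wi-Fi scenario above is the kind of attack that the answer says needs monitoring to see. As an added example (not part of the original article), this Python script applies the two classic ARP-poisoning indicators to a constructed stream of ARP replies: an IP whose announcing MAC changes, and one MAC announcing several IPs including the gateway. The record format and sample addresses are assumptions for the demonstration.

```python
from collections import defaultdict

# Constructed sample: (timestamp_s, sender_ip, sender_mac), as a passive ARP
# listener on the local segment would record each ARP reply / gratuitous ARP.
SAMPLE_REPLIES = [
    (0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # real gateway announces itself
    (1.0, "192.168.1.50", "de:ad:be:ef:00:50"),  # ordinary client
    (2.0, "192.168.1.51", "de:ad:be:ef:00:51"),  # another client
    (30.0, "192.168.1.1", "de:ad:be:ef:00:50"),  # .50's MAC now claims the gateway IP
    (31.0, "192.168.1.1", "de:ad:be:ef:00:50"),  # repeated poison, no duplicate alert
]


def detect_arp_spoofing(replies, gateway_ip):
    """Return alerts as (kind, subject, detail) tuples.

    kind "ip-mac-change": an IP is announced by a MAC different from the one
        last seen for it (the gateway flipping is the classic MITM sign).
    kind "mac-multi-ip": one MAC announces several IPs including the gateway,
        i.e. a host is claiming to be the router as well as itself.
    """
    ip_to_mac = {}                 # last MAC seen announcing each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has ever announced
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append(("ip-mac-change", ip, f"{sev} t={ts:.0f}: {prev} -> {mac}"))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:      # only re-evaluate when the claim set grows
            mac_to_ips[mac].add(ip)
            claimed = mac_to_ips[mac]
            if gateway_ip in claimed and len(claimed) > 1:
                alerts.append(("mac-multi-ip", mac,
                               f"HIGH t={ts:.0f}: claims {sorted(claimed)}"))
    return alerts


if __name__ == "__main__":
    for kind, subject, detail in detect_arp_spoofing(SAMPLE_REPLIES, "192.168.1.1"):
        print(f"[{kind}] {subject}: {detail}")
```

On a real network the same logic can be fed from a packet capture of ARP traffic; expect occasional benign "ip-mac-change" alerts after DHCP reassignments, which is why the gateway IP gets the higher severity.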
Conclusion
Man-in-the-middle attacks exploit the position between communicating parties to intercept data. HTTPS adoption, VPN use on public networks, and vigilance about certificate warnings are the core defenses. The widespread adoption of HTTPS has significantly reduced the viability of many MITM attacks for general browsing — making the remaining risk primarily relevant on untrusted networks where a VPN is essential.