MITM Attack

A Man in the Middle (MITM) attack occurs when an attacker places themselves between two parties in a conversation and impersonates both parties to gain access to the information being exchanged. Neither party knows this is happening during the conversation. Here is a simple visual representation:

[Figure: MITM attack]

Once the attacker has inserted themselves between the client and server, they can inject bogus information and intercept the data that is transferred between them. Here is an example of that scenario:

[Figure: man in the middle attack example]

The picture above shows what occurs in a man in the middle attack. Jack and Jill have no idea that their information is being manipulated in transit. Jill assumes that her key is being sent to Jack, and Jack thinks his account number is only being seen by Jill. In fact, Peter is changing the information to trick both sides of the conversation.
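The following is an added example, not part of the original page: an in-memory model of the Jack, Jill and Peter exchange showing that a substituted key leaves Jack sharing a secret with Peter instead of Jill, and that comparing the received key against a fingerprint obtained over a trusted channel exposes the swap. The toy Diffie-Hellman parameters, the function names and the trusted-channel assumption are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters, constructed for this demo; far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def shared_secret(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def relay(pub, interposer_pub=None):
    # The path from Jill to Jack. With Peter on it, his key arrives instead of hers.
    return interposer_pub if interposer_pub is not None else pub

def accept_key(received_pub, pinned_fingerprint):
    # Jack's check: accept the key only if it matches the fingerprint he already trusts.
    return hmac.compare_digest(fingerprint(received_pub), pinned_fingerprint)

def run_exchange(interposed):
    jill_priv, jill_pub = keypair()
    jack_priv, jack_pub = keypair()
    peter_priv, peter_pub = keypair()
    # Assumption: Jill's fingerprint reached Jack over a channel Peter cannot alter.
    pinned = fingerprint(jill_pub)
    received = relay(jill_pub, peter_pub if interposed else None)
    jack_secret = shared_secret(jack_priv, received)
    return {
        "jack_shares_secret_with_jill": jack_secret == shared_secret(jill_priv, jack_pub),
        "jack_shares_secret_with_peter": jack_secret == shared_secret(peter_priv, jack_pub),
        "key_accepted": accept_key(received, pinned),
    }

if __name__ == "__main__":
    print("clean path:     ", run_exchange(False))
    print("interposed path:", run_exchange(True))
```

Without the fingerprint check, Jack has no way to tell the two cases apart, which is why key exchanges need an authentication step such as certificates or pinned keys.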

Common Uses of a Man in the Middle Attack

Websites with logins – Pretty much any website that has a login which grants the user access to important information.  As you can imagine, a lot of sites fall into this category, but financial ones are the most obvious.

Secure connections – Any internet connection that needs to be secured with a public or private key.
