Man-in-the-Middle Attack (MITM)

Security Glossary - Web Security

Definition: A man-in-the-middle (MITM) attack occurs when an attacker secretly intercepts and potentially alters communications between two parties who believe they are communicating directly. In web security, this typically means intercepting traffic between a user's browser and a web server to read sensitive data or inject malicious content.

Summary

  • Attacker secretly intercepts and possibly alters communication between two parties
  • Both parties believe they are communicating directly with each other
  • HTTPS and certificate validation are the primary defenses
  • Common on unsecured Wi-Fi networks and compromised routers
  • HSTS preloading prevents the initial unencrypted request that enables interception

The Importance of MITM

MITM attacks are a fundamental threat to web communication. On unencrypted HTTP connections, any network intermediary (the Wi-Fi access point operator, the ISP, a compromised router) can read and modify all traffic. This means they can steal login credentials, inject malware, redirect traffic, or modify page content.

HTTPS with properly configured TLS is the primary defense against MITM. The TLS handshake authenticates the server (proving it is the real server, not an impostor) and encrypts all traffic (preventing eavesdropping and tampering). HSTS strengthens this by preventing SSL stripping attacks where the attacker downgrades the connection to HTTP.

MITM attacks remain relevant even with HTTPS in specific scenarios: compromised CA certificates, corporate TLS inspection proxies, malicious browser extensions, or devices with attacker-installed root certificates. Certificate Transparency, HSTS preloading, and certificate pinning (for mobile apps) provide additional layers of defense.
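The server authentication described above only protects a client that actually performs it. The following added example (not DomainOptic's code; the function names are hypothetical, only the `ssl` module calls are real) puts the common mistake, a client that accepts any certificate, next to a hardened client configuration, and audits a context for the properties that would let an interceptor complete the handshake. Nothing connects to the network unless `open_verified_connection()` is called explicitly.

```python
"""Client-side TLS settings that decide whether an interceptor succeeds.

Added example, not DomainOptic's code. Function names are hypothetical;
the ssl module calls are standard library.
"""
import socket
import ssl


def insecure_context() -> ssl.SSLContext:
    """The pattern that makes a client MITM-able: any certificate is accepted.

    An interceptor presenting a self-signed or mismatched certificate completes
    the handshake, and the client cannot tell it is not talking to the real server.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Settings that make the server prove its identity before any data flows."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED, hostname check, system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0/1.1 (known weaknesses)
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """List the properties of a client context that would let a MITM succeed."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("deprecated TLS versions (1.0/1.1) are still negotiable")
    return findings


def open_verified_connection(host: str, port: int = 443) -> ssl.SSLSocket:
    """Open a TLS connection; raises ssl.SSLCertVerificationError on an impostor."""
    ctx = hardened_context()
    raw = socket.create_connection((host, port), timeout=10)
    # server_hostname sets SNI and is the name the certificate is checked against
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_context()))
    print("hardened:", audit_context(hardened_context()))
```

The audit is the check to run in code review when a library wrapper exposes a "skip verification" switch: on the hardened context it returns an empty list, on the insecure one it names the two settings that turn a verified channel into an interceptable one.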

How to Check

An SSL checker verifies that your TLS configuration is strong enough to resist MITM attacks. Check for a proper certificate chain, strong cipher suites, an HSTS header, and no support for deprecated TLS versions that have known vulnerabilities.
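Of the items above, the HSTS header is the one that is easiest to get subtly wrong: a header that is present but short-lived, scoped to one host, or not preloadable still leaves the first plain-HTTP request (and every subdomain) open to interception. The following added example (not DomainOptic's checker; the function names and the header strings are constructed for illustration) parses a `Strict-Transport-Security` value per RFC 6797 and reports which of the preload-list requirements (one-year `max-age`, `includeSubDomains`, `preload`) it fails to meet.

```python
"""Evaluate a Strict-Transport-Security header against the HSTS preload requirements.

Added example, not DomainOptic's code. Header strings in the usage section are
constructed, not taken from any real site.
"""
from typing import Optional

ONE_YEAR = 31_536_000  # seconds; minimum max-age accepted by the preload list


def parse_hsts(value: str) -> Optional[dict]:
    """Parse an STS header value into {directive: value}; None if malformed.

    RFC 6797 syntax: directives separated by ';', names case-insensitive,
    each directive at most once, max-age required with a non-negative integer.
    A non-conformant header is ignored by browsers, so it gives no protection.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directive slots are allowed by the grammar
        name, _, raw = part.partition("=")
        name = name.strip().lower()
        if not name or name in directives:
            return None  # empty or duplicated directive name
        directives[name] = raw.strip().strip('"')
    if "max-age" not in directives or not directives["max-age"].isdigit():
        return None
    directives["max-age"] = int(directives["max-age"])
    return directives


def hsts_findings(headers: dict) -> list:
    """Return weaknesses in a response's HSTS policy (empty list = preload-ready).

    `headers` is a mapping of response header names to values; lookup is
    case-insensitive because HTTP header names are.
    """
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no Strict-Transport-Security header: the first HTTP request "
                "can be intercepted and kept on HTTP"]
    policy = parse_hsts(value)
    if policy is None:
        return ["malformed Strict-Transport-Security header: browsers ignore it"]
    findings = []
    if policy["max-age"] == 0:
        findings.append("max-age=0 tells browsers to forget the policy")
    elif policy["max-age"] < ONE_YEAR:
        findings.append(f"max-age {policy['max-age']}s is below the one-year preload minimum")
    if "includesubdomains" not in policy:
        findings.append("missing includeSubDomains: subdomains remain reachable over HTTP")
    if "preload" not in policy:
        findings.append("missing preload: policy only applies after the first HTTPS visit")
    return findings


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    samples = {
        "preload-ready": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"},
        "short-lived": {"strict-transport-security": "max-age=300"},
        "absent": {"Content-Type": "text/html"},
    }
    for label, headers in samples.items():
        print(label, "->", hsts_findings(headers) or "ok")
```

The output list is what a scanner should surface: a header is not a binary pass/fail, and the preload directive in particular is what closes the window in which an interceptor can downgrade a user who has never visited the site over HTTPS before.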


MITM FAQ

Does HTTPS completely prevent MITM attacks?

HTTPS prevents MITM for properly configured sites with valid certificates. However, if the attacker has a trusted CA certificate (corporate proxy, compromised CA, or user-installed root cert), they can perform MITM even on HTTPS connections. HSTS and certificate pinning add extra protection.

Are public Wi-Fi networks vulnerable to MITM?

Yes. The Wi-Fi access point operator or anyone on the same network can potentially intercept traffic. HTTPS protects against this, but only if the site uses HTTPS for all communications. This is why HSTS and HTTPS everywhere are important.

Disclaimer: DomainOptic provides automated informational scans only. Results do not constitute professional security advice, compliance certification, or a guarantee of security. Always verify findings independently.