[{"data":1,"prerenderedAt":293},["ShallowReactive",2],{"blog-glossary/man-in-the-middle":3},{"id":4,"title":5,"body":6,"category":268,"date":269,"dateModified":269,"description":270,"draft":271,"extension":272,"faq":273,"featured":271,"headerVariant":277,"image":278,"keywords":278,"meta":279,"navigation":280,"ogDescription":281,"ogTitle":282,"path":283,"readTime":284,"schemaOrg":285,"schemaType":286,"seo":287,"sitemap":288,"stem":289,"tags":290,"twitterCard":291,"__hash__":292},"blog/blog/glossary/man-in-the-middle.md","What is a Man-in-the-Middle Attack? Network Security",{"type":7,"value":8,"toc":258},"minimark",[9,16,21,24,28,57,61,128,132,161,170,174,205,227,246],[10,11,12],"tldr",{},[13,14,15],"p",{},"A man-in-the-middle (MITM) attack intercepts communications between two parties. The attacker can eavesdrop, steal data, or modify messages. HTTPS is the primary defense: encryption prevents reading intercepted traffic, and certificate validation proves you are talking to the real server. Always use HTTPS and be cautious on public WiFi.",[17,18,20],"h2",{"id":19},"the-simple-explanation","The Simple Explanation",[13,22,23],{},"Imagine passing notes in class, but someone in between reads and rewrites them before passing them on. Neither sender nor receiver knows their messages are being intercepted. On networks, attackers position themselves between your device and the server, seeing everything you send and receive.",[17,25,27],{"id":26},"how-mitm-attacks-work","How MITM Attacks Work",[29,30,32,43,54],"prompt-box",{"title":31},"Attack positioning",[13,33,34,35,39,40],{},"Normal communication:\n",[36,37,38],"span",{},"Your Device"," \u003C-----> ",[36,41,42],{},"Server",[13,44,45,46,48,49,48,52],{},"MITM attack:\n",[36,47,38],{}," \u003C-> ",[36,50,51],{},"Attacker",[36,53,42],{},[13,55,56],{},"The attacker intercepts traffic in both\ndirections. Without encryption, they see\neverything: passwords, messages, data.",[17,58,60],{"id":59},"attack-techniques","Attack Techniques",[62,63,64,80],"table",{},[65,66,67],"thead",{},[68,69,70,74,77],"tr",{},[71,72,73],"th",{},"Technique",[71,75,76],{},"How It Works",[71,78,79],{},"Location",[81,82,83,95,106,117],"tbody",{},[68,84,85,89,92],{},[86,87,88],"td",{},"ARP spoofing",[86,90,91],{},"Pretends to be the router",[86,93,94],{},"Local network",[68,96,97,100,103],{},[86,98,99],{},"Rogue WiFi",[86,101,102],{},"Fake access point",[86,104,105],{},"Public places",[68,107,108,111,114],{},[86,109,110],{},"DNS hijacking",[86,112,113],{},"Redirects domain lookups",[86,115,116],{},"Network/ISP",[68,118,119,122,125],{},[86,120,121],{},"SSL stripping",[86,123,124],{},"Downgrades HTTPS to HTTP",[86,126,127],{},"Between client/server",[17,129,131],{"id":130},"how-https-protects-you","How HTTPS Protects You",[133,134,135,143,149,155],"ul",{},[136,137,138,142],"li",{},[139,140,141],"strong",{},"Encryption:"," Traffic is unreadable to interceptors",[136,144,145,148],{},[139,146,147],{},"Certificate validation:"," Proves server identity",[136,150,151,154],{},[139,152,153],{},"Integrity:"," Detects any message modification",[136,156,157,160],{},[139,158,159],{},"HSTS:"," Forces HTTPS, prevents downgrade attacks",[162,163,164],"warning-box",{},[13,165,166,169],{},[139,167,168],{},"Certificate warnings matter."," When your browser warns about an invalid certificate, it might be detecting a MITM attack. Do not click through these warnings, especially on sensitive sites.",[17,171,173],{"id":172},"defense-strategies","Defense Strategies",[133,175,176,182,187,193,199],{},[136,177,178,181],{},[139,179,180],{},"HTTPS everywhere:"," Never send sensitive data over HTTP",[136,183,184,186],{},[139,185,159],{}," Enforce HTTPS at the browser level",[136,188,189,192],{},[139,190,191],{},"Certificate pinning:"," Only accept specific certificates",[136,194,195,198],{},[139,196,197],{},"VPN:"," Encrypt all traffic on untrusted networks",[136,200,201,204],{},[139,202,203],{},"Verify certificates:"," Do not ignore warnings",[206,207,208,215,221],"faq-section",{},[209,210,212],"faq-item",{"question":211},"How does HTTPS prevent man-in-the-middle attacks?",[13,213,214],{},"HTTPS encrypts the connection between browser and server, so intercepted traffic is unreadable. Certificate validation ensures you are talking to the real server, not an imposter. An attacker in the middle sees only encrypted data they cannot decrypt or modify without detection.",[209,216,218],{"question":217},"Are MITM attacks still possible with HTTPS?",[13,219,220],{},"Rarely, if the attacker can compromise certificate authorities, install rogue certificates on devices, or exploit implementation flaws. Corporate proxies often use MITM for monitoring by installing their own root certificates. Always verify you see the correct certificate for sensitive sites.",[209,222,224],{"question":223},"Where do MITM attacks commonly happen?",[13,225,226],{},"Public WiFi networks are common attack locations since attackers can easily intercept traffic. Compromised routers, ARP spoofing on local networks, and DNS hijacking are other vectors. Using a VPN on untrusted networks provides additional protection.",[228,229,230,236,241],"related-articles",{},[231,232],"related-card",{"description":233,"href":234,"title":235},"Primary defense","/blog/glossary/https","HTTPS",[231,237],{"description":238,"href":239,"title":240},"Encryption protocol","/blog/glossary/ssl","SSL/TLS",[231,242],{"description":243,"href":244,"title":245},"Additional protection","/blog/glossary/vpn","VPN",[247,248,251,255],"cta-box",{"href":249,"label":250},"/","Start Free Scan",[17,252,254],{"id":253},"check-your-https-setup","Check Your HTTPS Setup",[13,256,257],{},"Verify your site is protected against MITM attacks.",{"title":259,"searchDepth":260,"depth":260,"links":261},"",2,[262,263,264,265,266,267],{"id":19,"depth":260,"text":20},{"id":26,"depth":260,"text":27},{"id":59,"depth":260,"text":60},{"id":130,"depth":260,"text":131},{"id":172,"depth":260,"text":173},{"id":253,"depth":260,"text":254},"glossary","2026-01-09","Learn what man-in-the-middle attacks are, how they intercept communications, and how HTTPS and other protections prevent them.",false,"md",[274,275,276],{"question":211,"answer":214},{"question":217,"answer":220},{"question":223,"answer":226},"green",null,{},true,"MITM attacks intercept communications between two parties. Learn how HTTPS protects against them.","What is a Man-in-the-Middle Attack?","/blog/glossary/man-in-the-middle","4 min read","[object Object]","DefinedTerm",{"title":5,"description":270},{"loc":283},"blog/glossary/man-in-the-middle",[],"summary_large_image","UP1sOZVrqyKZ8un5NijA7vme3oIObUA4CjWOINj-eEU",1775843922599]