Man-in-the-Middle (MITM) Attack Concepts

Cyber Security Mastery: From Zero to Hero

Intercepting Traffic

A Man-in-the-Middle (MITM) attack occurs when an attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

The Three Steps

  1. Interception: The attacker must reroute the target's traffic through their own machine.
  2. Inspection/Modification: The attacker reads or changes the data in transit (e.g., sniffing credentials).
  3. Relaying: The attacker forwards the traffic to the intended recipient.

Primary MITM Vector on a LAN

ARP Spoofing (covered next) is the most common technique to set up a MITM on a local network, fooling devices into sending their traffic to the attacker's machine instead of the true gateway (router).
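
From the defender's side, the interception step leaves a visible trace: the gateway's IP address suddenly maps to a different MAC address, and one MAC often claims several IPs. The following is an added example, not part of the original course material, that checks a constructed list of observed ARP replies for both signs. The function names, the sample addresses and the trust-on-first-use baseline are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) from ARP replies seen
# on a LAN. Every address here is made up for this example.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway announces itself
    (2.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),  # workstation
    (3.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # consistent repeat, no alert
    (4.0, "192.168.1.1", "AA:AA:AA:AA:AA:66"),   # gateway IP claims a new MAC
    (5.0, "192.168.1.20", "aa:aa:aa:aa:aa:66"),  # same MAC claims the workstation
]


def find_arp_anomalies(replies, gateway_ip):
    """Flag replies whose IP-to-MAC binding differs from the first one seen.

    Assumption: the first binding observed for an IP is the legitimate one.
    DHCP reassignment, a replaced NIC or a failover pair can also change a
    binding, so an alert is a lead to investigate, not proof of spoofing.
    """
    baseline = {}
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()                      # MACs compare case-insensitively
        trusted = baseline.setdefault(ip, mac)
        if trusted != mac:
            kind = "gateway-rebind" if ip == gateway_ip else "host-rebind"
            alerts.append((ts, kind, ip, trusted, mac))
    return alerts


def shared_macs(replies):
    """Return MACs that answered for more than one IP, with the IPs claimed."""
    claimed = defaultdict(set)
    for _ts, ip, mac in replies:
        claimed[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_ARP_REPLIES, "192.168.1.1"):
        print(alert)
    print(shared_macs(SAMPLE_ARP_REPLIES))
```

A gateway-rebind alert deserves the highest priority, because the gateway binding is the one that decides where a host sends its off-subnet traffic.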