Man-in-the-middle (MITM) attack is a phenomenon by which an attacker obstructs communication between two parties where the communication needs to be direct. In this case, both parties are unaware of the attack that have crop up. Involvement of physical proximity or use of malware to obstruct communications (a man-in-the-browser attack) are a part of this attack. Generally the financial transactions, secured connections, and other interactions involving username and password are attacked.
Also, there can be the use of many different methods for obstructing communications like, email, session, or IP hijacking, Wi-Fi® eavesdropping, Trojan attacks, DNS spoofing, or HTTP injections.
Explaining the process of MITM attack would be effective in the form of an example. Person A and person B intends to send messages to each other. On the other hand, person C wants to obstruct their communication and hence, initiates the process of MITM attack.
Suppose, person A and person B wants to message each other their bank accounts number for cash withdrawal. Meanwhile, person C locates a security hole which will allow that person to obstruct both their communications and become the man-in-the-middle between their communications. Whatever they will discuss, will be gathered by person C, and that’s exactly how a forgery takes place. This whole phenomenon is known as an MITM attack.
All information about the concept of MITM is outlined in this review.