Back to Atlas

Man-in-the-Middle (MitM)

A Man-in-the-Middle attack occurs when an attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.

Attack Simulation

Interceptor Simulation

User
Eavesdropping
Attacker
Server
Log OutputWaiting...
> Client: Initiating secure connection...

Interactive: Toggle the interceptor and send data to see how it can be captured.

Common Scenarios

  • WiFiRogue Access Points: Attackers set up free WiFi spots (e.g., "Free Airport WiFi") to intercept traffic of connected users.
  • EmailEmail Hijacking: Attackers compromise an email account and silently monitor communications to intercept sensitive data or reset passwords.
  • DNSDNS Spoofing: Rerouting a user from a legitimate site (like a bank) to a fake site that looks identical to steal credentials.

Prevention & Defense

Encryption (HTTPS/TLS)Always ensure websites use HTTPS. This encrypts traffic, making it unreadable even if intercepted.
Virtual Private Network (VPN)Encrypts your entire internet connection, creating a secure tunnel through public networks.
Avoid Public WiFiBe cautious on unsecured public networks. Avoid accessing sensitive accounts (banking) on them.