A man-in-the-middle attack, often shortened to MITM, is an interception scenario where an attacker places themselves between communicating systems to observe, alter, or relay traffic without proper authorization. In plain language, the attacker tries to sit in the middle of a conversation and make both sides think they are talking directly to each other.
MITM attacks matter because they target trust in communication rather than only the endpoints themselves. If an attacker can observe or alter traffic in transit, credentials, session information, transactions, or security-sensitive instructions may be exposed or changed.
They also matter because many defenses that look strong at first glance, such as encryption, depend on correct trust validation. Weak certificate handling, unsafe Wi-Fi behavior, or poorly protected internal traffic can make interception risk much more serious.
MITM risk appears in public network use, proxy inspection design, certificate validation review, API security, remote administration, and mobile app security. Teams consider it when hardening TLS and when deploying mutual TLS and certificate pinning.
Security teams also use the concept when reviewing whether users connect over trusted networks, whether browser warnings are ignored, and whether application traffic validates server identity correctly.
An employee connects to a web portal from an untrusted network. If the application accepts an unexpected certificate or the user ignores a clear trust warning, an interception point could observe or alter traffic that should have remained protected.
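The check that fails in this scenario can be shown in code. The following Python example is added here and is not part of the original page: it audits a client TLS context for the settings that let an unexpected certificate through, and compares a presented certificate with a pinned fingerprint. The function names, the sample byte strings, and the choice to pin the SHA-256 of the whole certificate are assumptions made for the example.

```python
import hashlib
import hmac
import ssl


def audit_context(ctx: ssl.SSLContext) -> list:
    """List the settings on a client context that skip server identity checks."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings


def pin_matches(der_cert: bytes, pinned_sha256_hex: str) -> bool:
    """Compare the SHA-256 of the presented certificate (DER) with the pin."""
    digest = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(digest, pinned_sha256_hex.lower())


def weak_context() -> ssl.SSLContext:
    # Anti-pattern: accepts any certificate, so an interception point goes unnoticed.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be disabled before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    # create_default_context() enables chain verification and hostname matching.
    return ssl.create_default_context()


def connection_trusted(ctx, der_cert, pinned_sha256_hex) -> bool:
    """Trust only when validation is on AND the certificate matches the pin."""
    return not audit_context(ctx) and pin_matches(der_cert, pinned_sha256_hex)


# Constructed stand-ins for the DER bytes that
# SSLSocket.getpeercert(binary_form=True) would return; not real certificates.
EXPECTED_CERT = b"constructed-der-bytes-for-portal.example"
UNEXPECTED_CERT = b"constructed-der-bytes-from-interception-point"
PIN = hashlib.sha256(EXPECTED_CERT).hexdigest()  # recorded out of band in practice

if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit_context(ctx) or "identity checks enabled")
    print("expected cert:", connection_trusted(hardened_context(), EXPECTED_CERT, PIN))
    print("unexpected cert:", connection_trusted(hardened_context(), UNEXPECTED_CERT, PIN))
```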
A MITM attack is not just “someone reading packets.” The real issue is unauthorized interception of a live exchange, often with the ability to relay or alter traffic.
It is also not the same as denial of service. A denial-of-service incident tries to disrupt availability, while MITM attacks focus on interception, manipulation, or deceptive relaying of communication.