What is a man-in-the-middle (MITM) attack?
Answer
A Man-in-the-Middle (MITM) attack occurs when an attacker secretly intercepts, and potentially alters, communication between two parties who believe they are talking directly to each other. The attacker sits between the victim and the legitimate server, relaying each message and modifying it where useful (injecting content, harvesting credentials and session cookies). Common techniques: ARP spoofing (poisoning ARP caches on a LAN so traffic for the gateway is sent to the attacker's MAC address), DNS spoofing (answering domain lookups with attacker-controlled IPs), SSL stripping (intercepting a plain-HTTP request and serving the victim HTTP while the attacker speaks HTTPS to the real site), and evil twin WiFi (a rogue access point with the same SSID as a legitimate one). Prevention: (1) TLS/HTTPS with proper certificate validation; the client must actually reject an invalid certificate rather than suppress the error, since a MITM with a self-signed or mismatched certificate is exactly what validation catches. (2) HSTS (HTTP Strict Transport Security), which makes the browser refuse plain HTTP for the site and so defeats SSL stripping; note that it only protects after the browser has seen the header once over HTTPS, unless the domain is on the browser preload list. (3) Certificate pinning in mobile apps, so the app accepts only the expected certificate or public key even if a CA is compromised. (4) A VPN on untrusted networks, which moves the trust boundary from the local network to the VPN endpoint. (5) MFA, which limits the damage of a captured password; code-based MFA can still be relayed by a live MITM proxy, so phishing-resistant methods such as FIDO2/WebAuthn, which bind the credential to the origin, are preferable.
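To make the HSTS point concrete, here is an added example (not code from the original page) that models a browser's HSTS cache in pure Python. It parses the Strict-Transport-Security header to RFC 6797 semantics, then shows why a stripped http:// link to a known host is upgraded before any request leaves the client, why a header seen over plain HTTP (the only kind a stripping attacker can inject) is ignored, and where the first-visit gap remains. The host names, header values and preload entries are constructed for illustration.

```python
"""HSTS as a defence against SSL stripping (added example, not from the page).

Models the browser-side HSTS cache: header parsing per RFC 6797 section 6.1,
policy expiry, includeSubDomains matching, preload entries, and the
http -> https rewrite that happens before any network request is sent.
Host names, headers and the preload list below are constructed examples.
"""
import time
from urllib.parse import urlsplit, urlunsplit


def parse_sts(header):
    """Parse a Strict-Transport-Security header value.

    Returns (max_age_seconds, include_subdomains), or None if the header is
    invalid (missing or duplicated max-age, non-numeric value).
    """
    max_age = None
    include_sub = False
    for directive in header.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if max_age is not None or not value.isdigit():
                return None  # duplicate or malformed max-age invalidates the header
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
        # Unknown directives (e.g. "preload") are ignored, as the RFC requires.
    if max_age is None:
        return None  # max-age is mandatory
    return max_age, include_sub


class HstsCache:
    """Per-host HSTS policy store, as a browser keeps it."""

    def __init__(self, preload=(), now=time.time):
        self.now = now  # injectable clock so expiry can be tested
        # host -> (expiry_timestamp, include_subdomains); preload never expires
        self.entries = {h.lower(): (float("inf"), True) for h in preload}

    def observe(self, host, header, over_https):
        """Record an STS header. Headers received over plain HTTP are ignored,
        so an attacker serving stripped HTTP cannot set (or clear) a policy."""
        if not over_https:
            return
        parsed = parse_sts(header)
        if parsed is None:
            return
        max_age, include_sub = parsed
        host = host.lower()
        if max_age == 0:
            self.entries.pop(host, None)  # max-age=0 withdraws the policy
        else:
            self.entries[host] = (self.now() + max_age, include_sub)

    def is_known(self, host):
        """True if an unexpired policy covers host (directly or via a parent
        domain that set includeSubDomains)."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include_sub = entry
            if expiry < self.now():
                continue
            if i == 0 or include_sub:
                return True
        return False

    def rewrite(self, url):
        """Upgrade http:// to https:// for known hosts before any request is made."""
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.hostname and self.is_known(parts.hostname):
            return urlunsplit(("https",) + tuple(parts[1:]))
        return url


def demo():
    """Constructed scenario: one site previously visited over HTTPS, one
    preloaded, one never seen. Returns what the client would actually fetch."""
    cache = HstsCache(preload=["preloaded.example"])
    # Earlier legitimate HTTPS visit: the server set a one-year policy.
    cache.observe("bank.example", "max-age=31536000; includeSubDomains", over_https=True)
    # A stripping attacker can only inject headers over HTTP; these are ignored.
    cache.observe("bank.example", "max-age=0", over_https=False)
    return {
        "known": cache.rewrite("http://www.bank.example/login"),  # upgraded
        "preloaded": cache.rewrite("http://preloaded.example/"),  # upgraded
        "first_visit": cache.rewrite("http://shop.example/"),  # still HTTP: the gap
    }


if __name__ == "__main__":
    for label, url in demo().items():
        print(f"{label:12s} -> {url}")
```

The `first_visit` entry is the residual weakness the answer refers to: a host the browser has never seen over HTTPS has no policy, so the stripped HTTP request goes out and HSTS cannot help. The preload list closes that gap for enrolled domains, which is why it is worth submitting production domains to it.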