How it works (simple idea)

Imagine you’re sending a message to a website:

You → (attacker intercepts) → Website

The attacker places themselves “in the middle” and can:

• Read your data (like passwords, messages)
• Modify the data
• Steal sensitive information

Step-by-step process

1. Interception
   The attacker gains access to your connection
   (often through unsecured public Wi-Fi)
2. Eavesdropping
   They monitor the data being sent (e.g., login credentials)
3. Manipulation (optional)
   They may alter the communication
   (e.g., redirect you to a fake website)

Common types of MITM attacks

• Wi-Fi eavesdropping – Fake or unsecured Wi-Fi networks
• ARP spoofing – Attacker links their device to your IP address
• DNS spoofing – Redirects you to fake websites
• Session hijacking – Steals your active login session

A MITM attack is like someone secretly listening to—and possibly changing—a private conversation between you and another party.