
Man-in-the-Middle Attack

Also known as: MITM, on-path attack

An attacker positioned between you and the site you're talking to, reading or altering traffic.

Updated 10 February 2026

A man-in-the-middle sits on the network path — hostile Wi-Fi, a compromised router, a rogue ISP — and either passively records traffic or actively rewrites it. Without TLS, both are trivial; with TLS, the attacker must trick the browser into accepting a fake certificate.

Defences: HTTPS everywhere, HSTS, certificate transparency logs, and pinned certificates in high-value apps like banking. Public Wi-Fi is a classic MITM surface — treat plain-HTTP sites on unfamiliar networks as compromised.
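To make the HSTS defence concrete, the following added example (not part of the original entry) classifies what a browser following RFC 6797 does with a `Strict-Transport-Security` header. The function names, the result labels, the 180-day `MIN_MAX_AGE` threshold and the sample headers are assumptions constructed for this illustration.

```python
import re

MIN_MAX_AGE = 15552000  # 180 days; threshold assumed for this example, not from the entry

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797). Return a dict, or None if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives, e.g. a trailing ';'
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            return None  # a repeated directive makes the whole header invalid
        directives[name] = arg.strip().strip('"')  # max-age may be a quoted string
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None  # max-age is required and must be a non-negative integer
    return {"max_age": int(directives["max-age"]),
            "include_subdomains": "includesubdomains" in directives}

def hsts_effect(scheme, value):
    """Classify how the header is treated, given the scheme it arrived over."""
    if scheme != "https":
        return "ignored-insecure-transport"  # anyone on the path could have forged it
    policy = parse_hsts(value)
    if policy is None:
        return "invalid"
    if policy["max_age"] == 0:
        return "policy-removed"  # max-age=0 tells the browser to forget the host
    if policy["max_age"] < MIN_MAX_AGE:
        return "short-lived"  # protection lapses soon after the last secure visit
    if not policy["include_subdomains"]:
        return "host-only"  # subdomains can still be reached over plain HTTP
    return "enforced"

if __name__ == "__main__":
    # Constructed sample responses: (scheme the response arrived over, header value)
    samples = [
        ("https", "max-age=31536000; includeSubDomains"),
        ("http", "max-age=31536000; includeSubDomains"),
        ("https", "max-age=300; max-age=31536000"),
        ("https", "max-age=0"),
    ]
    for scheme, value in samples:
        print(f"{scheme:5} {value!r:45} -> {hsts_effect(scheme, value)}")
```

The second sample shows why HSTS cannot protect the very first plain-HTTP visit on a hostile network: a header delivered over HTTP is ignored, so the policy only takes effect after one clean HTTPS response.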
