MITM
Man-in-the-Middle — an attacker secretly relaying and possibly altering communication between two parties.
In a man-in-the-middle (MITM) attack, the attacker secretly sits between two parties, relaying and possibly altering traffic while each side believes it’s talking directly to the other. Common setups use ARP poisoning, rogue Wi-Fi access points, or DNS spoofing to get into the path. Properly validated TLS, with certificate pinning for high-value apps, defeats most MITM attempts. “On-path attack” is the current preferred term for the same concept.
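For the ARP poisoning case mentioned above, a defender can compare the host's neighbor table against a trusted baseline. The following is an added example, not part of the original entry; the `ip neigh` snapshots, addresses and the gateway IP `192.168.1.1` are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed `ip neigh` snapshots (not captured from a real network).
BASELINE = """\
192.168.1.1 dev eth0 lladdr 52:54:00:aa:bb:01 REACHABLE
192.168.1.10 dev eth0 lladdr 52:54:00:aa:bb:10 STALE
192.168.1.23 dev eth0 lladdr 52:54:00:aa:bb:23 REACHABLE
"""
CURRENT = """\
192.168.1.1 dev eth0 lladdr 52:54:00:aa:bb:23 REACHABLE
192.168.1.10 dev eth0 lladdr 52:54:00:aa:bb:10 STALE
192.168.1.23 dev eth0 lladdr 52:54:00:aa:bb:23 REACHABLE
192.168.1.40 dev eth0 FAILED
"""

ENTRY = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f]{2}(?::[0-9a-f]{2}){5})\b", re.I)

def parse_neigh(text):
    """Map (interface, ip) -> mac; entries with no lladdr (FAILED) are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            ip, iface, mac = m.groups()
            table[(iface, ip)] = mac.lower()
    return table

def find_arp_anomalies(baseline_text, current_text, gateway_ip):
    """Return findings that warrant review; proxy ARP, a replaced NIC or DHCP
    address reuse produce the same signals, so these are leads, not verdicts."""
    baseline, current = parse_neigh(baseline_text), parse_neigh(current_text)
    findings = []
    # Signal 1: an IP in the trusted baseline now maps to a different MAC.
    for (iface, ip), mac in sorted(current.items()):
        old = baseline.get((iface, ip))
        if old and old != mac:
            findings.append({"kind": "mac-changed", "ips": [ip], "macs": [old, mac],
                             "severity": "high" if ip == gateway_ip else "medium"})
    # Signal 2: one MAC answers for several IPs on the same interface.
    owners = defaultdict(list)
    for (iface, ip), mac in current.items():
        owners[(iface, mac)].append(ip)
    for (iface, mac), ips in sorted(owners.items()):
        if len(ips) > 1:
            findings.append({"kind": "mac-shared", "ips": sorted(ips), "macs": [mac],
                             "severity": "high" if gateway_ip in ips else "medium"})
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(BASELINE, CURRENT, "192.168.1.1"):
        print(finding)
```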