In a MiTM attack, the attacker secretly positions themselves between two parties (user and server) who believe they are communicating directly. The attacker can eavesdrop on plain-text traffic (HTTP, FTP, Telnet) or even inject malicious content into valid requests. Public WiFi networks (airports, cafes) are the hunting ground for this.

1. ARP Spoofing (The Classic)

Inside a LAN, devices find each other using MAC addresses, not IP addresses.
ARP (the Address Resolution Protocol) maps one to the other by asking "Who has IP 192.168.1.1?".
The Attack: The hacker spams the network: "I AM 192.168.1.1 (The Router)! My MAC is AA:BB:CC...".
ARP replies are not authenticated, so your laptop believes them and sends all internet traffic to the hacker instead of the router. The hacker records it and forwards it to the real router to keep the connection alive.

2. DNS Spoofing (Phishing)

You type `facebook.com`. Your computer asks the DNS server for the IP.
If the attacker controls the Router (or is the MiTM via ARP spoofing), they answer first.
"Facebook.com is at 66.66.66.66" (The Attacker's IP).
You see a perfect clone of the Facebook login page. You enter your password. The attacker logs it and redirects you to the real Facebook.

3. SSL Stripping (Defeating HTTPS)

HTTPS encrypts traffic, which on its own makes MiTM useless (the attacker sees only garbage data). SSL stripping works by keeping you off HTTPS in the first place.
The Attack (SSLStrip):
1. You request `http://bank.com`.
2. The Server responds "Redirect to `https://bank.com`".
3. The Attacker intercepts the redirect. They connect to the Bank via HTTPS (secure), but they serve the page to YOU via HTTP (insecure).
4. You see the Bank page, but no Padlock icon. If you don't notice, your password is sent in plain text.

Defense: HSTS (HTTP Strict Transport Security) forces browsers to ONLY accept HTTPS, blocking this downgrade attack.

4. WiFi Evil Twin

The attacker sets up a WiFi hotspot with the same name (SSID) as a legitimate network (e.g., "Starbucks Free WiFi").
Your phone, seeing a familiar name, auto-connects.
The attacker now controls 100% of your traffic.
Advanced: A WiFi Pineapple can be used to actively de-authenticate users from the real router, forcing them to reconnect to the Twin.