A man-in-the-middle (MITM) attack is when an attacker secretly intercepts communication between two parties who believe they're communicating directly with each other. You think you're talking to your bank; you're actually talking to an attacker who relays (and reads) the messages to and from the bank.
How MITM Attacks Work
ARP Poisoning: on a local network (such as public Wi-Fi), an attacker sends forged ARP messages that make other devices route their traffic through the attacker's machine. Any unencrypted traffic passing through can be read or modified.
SSL Stripping: the attacker intercepts the victim's request to a site that should be served over HTTPS, talks HTTPS to the real server itself, and relays the pages to the victim as plain HTTP. The victim sees the content over an unencrypted connection without realising the site should have been HTTPS.
Evil Twin Wi-Fi: a malicious hotspot mimics a legitimate network. Devices that connect to it route all their traffic through the attacker's equipment.
DNS Spoofing: the attacker corrupts a DNS cache so that lookups for legitimate domains return the addresses of attacker-controlled servers.
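The ARP poisoning described above leaves a footprint that a host or network sensor can look for: an IP address that was bound to one MAC is suddenly announced from another, and one MAC starts claiming several IPs (the poisoner has to impersonate both the gateway and the victim). The following is an added example written for this page, not code from the original article; it runs the two checks over a constructed list of ARP replies, and on a real host you would feed it records parsed from a packet capture.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    t: float   # seconds since the start of the capture
    ip: str    # sender protocol address: the IP this reply claims
    mac: str   # sender hardware address: the MAC that claims it


# Constructed sample capture (not real traffic). 192.168.1.1 is the gateway,
# 192.168.1.20 is a client; the de:ad:be:ef MAC plays the poisoner.
SAMPLE = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(0.5, "192.168.1.20", "aa:bb:cc:00:00:14"),
    ArpReply(1.2, "192.168.1.1", "aa:bb:cc:00:00:01"),   # benign repeat, same binding
    ArpReply(2.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # gateway "moves" to a new MAC
    ArpReply(2.1, "192.168.1.20", "de:ad:be:ef:00:99"),  # same MAC now claims the client too
]


def detect_arp_poisoning(replies):
    """Return a list of alert strings for the given ARP replies.

    Two signals are checked:
      1. an IP that was bound to one MAC is re-announced from a different MAC;
      2. one MAC announces itself for more than one IP, which is how a poisoner
         sits between a client and the gateway (it must claim both addresses).
    Signal 2 can also fire on legitimate multi-homed hosts, so treat it as a
    lower-confidence indicator than signal 1.
    """
    first_mac = {}                 # ip  -> MAC first seen claiming it
    claimed = defaultdict(set)     # mac -> IPs it has claimed so far
    alerts = []
    for r in replies:
        known = first_mac.setdefault(r.ip, r.mac)
        if known != r.mac:
            alerts.append(f"t={r.t:.1f}s rebinding: {r.ip} was {known}, now {r.mac}")
        is_new_ip = r.ip not in claimed[r.mac]
        claimed[r.mac].add(r.ip)
        if is_new_ip and len(claimed[r.mac]) > 1:
            alerts.append(f"t={r.t:.1f}s one MAC, many IPs: {r.mac} -> {sorted(claimed[r.mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE):
        print(line)
```

On the bundled sample the detector produces three alerts: the gateway rebinding at t=2.0s, the client rebinding at t=2.1s, and the poisoner's MAC claiming both addresses. The first three replies alone produce none, because a repeated announcement of an unchanged binding is normal.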
Why HTTPS Matters
HTTPS encrypts the communication between your browser and the server using TLS. A MITM attacker can see that you're communicating with your bank, but cannot read the content of the communication or inject modifications without breaking the TLS connection, and a broken connection is something your browser detects and warns about. Always verify the padlock icon and the HTTPS prefix on any site where you enter sensitive information.
Certificate Pinning
Banking apps use certificate pinning: the app knows exactly which SSL certificate the bank's server should present, and refuses to connect if anything different appears. This makes MITM attacks against banking apps very difficult even when a malicious root certificate has been installed on the device.
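What the pinning check looks like in code, as an added example for this page (not any bank's or app's actual code): the client completes normal TLS validation, then additionally requires the SHA-256 fingerprint of the presented leaf certificate to be in a compiled-in pin set. The DER bytes below are constructed placeholders, not a real certificate; a real app would ship the pin hashes as hex strings obtained from the bank out of band.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed placeholders standing in for DER-encoded certificates.
# A real pin set is a list of hex fingerprints shipped inside the app.
CURRENT_CERT_DER = b"constructed-der-bytes-for-the-current-bank-certificate"
BACKUP_CERT_DER = b"constructed-der-bytes-for-the-next-bank-certificate"


def fingerprint(der_bytes: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, as lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


# Pin the current certificate and a backup so a planned rotation does not
# lock every user out until they update the app.
PINS = frozenset({fingerprint(CURRENT_CERT_DER), fingerprint(BACKUP_CERT_DER)})


def is_pinned(der_bytes: bytes, pins=PINS) -> bool:
    """True if the certificate matches any pin. compare_digest keeps the
    comparison constant-time; the loop over all pins avoids an early exit."""
    fp = fingerprint(der_bytes)
    matched = False
    for pin in pins:
        matched |= hmac.compare_digest(fp, pin)
    return matched


def connect_pinned(host: str, port: int = 443, pins=PINS) -> str:
    """Open a TLS connection and enforce the pin on top of chain validation.

    create_default_context() still verifies the chain and hostname, so a
    certificate that chains to a rogue root installed on the device would
    pass that step; the pin check is the second gate that rejects it.
    Returns the negotiated TLS version on success."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port)) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not is_pinned(der, pins):
                raise ssl.SSLError(f"certificate presented by {host} matches no pin")
            return tls.version()
```

Pinning the whole leaf certificate, as here, means every certificate renewal needs an app update or a pre-shipped backup pin; many deployments instead pin the hash of the server's public key (SPKI), which survives re-issuing a certificate for the same key. Either way the decision logic is the same as in is_pinned.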
Practical Prevention
Use HTTPS-only sites for anything sensitive. Enable HTTPS-Only mode in Firefox (Settings → Privacy & Security → HTTPS-Only Mode). Use a VPN on public Wi-Fi. Use a password manager: it won't autofill credentials on a fake version of a website, because the domain doesn't match.
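The password-manager protection and the HTTPS-only habit come down to one origin check, shown here as an added example written for this page (not any password manager's code): credentials saved for an origin are offered only when the current page is HTTPS and its host and port match exactly. A lookalike host gets nothing, and so does an HTTP page on the right host, which is what the SSL-stripping case above would produce. The vault entry and hostnames are constructed.

```python
from urllib.parse import urlsplit

# Constructed vault entry (not real credentials): the origin the user saved
# the login for, mapped to the credentials themselves.
VAULT = {
    "https://online.examplebank.test": ("alice", "correct-horse-battery"),
}


def same_origin(saved_origin: str, page_url: str) -> bool:
    """True only if both URLs are HTTPS and their host and port match exactly.

    Host comparison is exact: a subdomain, a lookalike suffix or a typo
    domain is a different host and gets no credentials. An HTTP page never
    matches, even on the right host, so a stripped connection is refused.
    urlsplit() lowercases the hostname, so case differences do not matter."""
    s, p = urlsplit(saved_origin), urlsplit(page_url)
    if s.scheme != "https" or p.scheme != "https":
        return False
    if not s.hostname or not p.hostname:
        return False
    return (s.hostname, s.port or 443) == (p.hostname, p.port or 443)


def credentials_for(page_url: str, vault=VAULT):
    """Return (username, password) for page_url, or None if nothing may be filled."""
    for origin, creds in vault.items():
        if same_origin(origin, page_url):
            return creds
    return None


if __name__ == "__main__":
    for url in (
        "https://online.examplebank.test/login",
        "http://online.examplebank.test/login",
        "https://online.examplebank.test.login-portal.test/",
    ):
        print(url, "->", "fill" if credentials_for(url) else "refuse")
```

The check deliberately ignores the path and query string: credentials belong to an origin, not to a page, and a manager that matched on paths would refuse legitimate logins whenever a site moved its form.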