MAN IN THE MIDDLE ATTACK
A man in the middle attack is one in which the attacker intercepts the message between the client and the destination server and inserts his own message into it, so that the two original parties still appear to be communicating with each other while, in reality, the attacker is intercepting the connection.
The attack gets its name from the ball game where two people try to throw a ball directly to each other while one person in between them attempts to catch it. In a man in the middle attack, the intruder uses a program that appears to be the server to the client and appears to be the client to the server. The attack may be used simply to gain access to the message, or to enable the attacker to modify the message before retransmitting it.
Here is a graphic representation of a Man in the Middle Attack in a corporate network.
In its simplest form, the attack works like this: the attacker creates a fake access point, and the client, believing it to be a valid access point, connects to it. The attacker may or may not be connected to a server at the other end. If connected, the attacker can see, modify and retransmit the data that the client meant to send directly to the server. That is, the attacker captures the packet in the middle of the transmission and passes the data on to the server as though it were legitimate, so that both parties (the server and the client) think that a genuine data transfer is in progress.
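One way a defender can look for the fake access point described above is to compare a wireless scan against an inventory of the organisation's own radios. The following is an added example, not part of the original page; the inventory, SSIDs, BSSIDs and scan rows are all constructed sample data, and `find_suspect_aps` is a hypothetical helper name.

```python
# Added example: flag access points that advertise a trusted SSID but do not
# match the inventory of known radios. Every SSID, BSSID and scan row here is
# constructed sample data, not taken from a real network.

# Hypothetical inventory: SSID -> (expected security mode, known BSSIDs)
KNOWN_APS = {
    "CorpNet": ("WPA2-Enterprise", {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}),
}

# Constructed scan results: (ssid, bssid, security, signal_dbm)
SAMPLE_SCAN = [
    ("CorpNet", "02:00:00:aa:00:01", "WPA2-Enterprise", -48),
    ("CorpNet", "02:00:00:AA:00:02", "WPA2-Enterprise", -67),   # known, upper case
    ("CorpNet", "02:00:00:ff:00:99", "Open", -35),              # twin, no encryption
    ("CorpNet", "02:00:00:ff:00:98", "WPA2-Enterprise", -60),   # twin, same security
    ("CoffeeShop", "02:00:00:bb:00:10", "Open", -70),           # unrelated network
]


def find_suspect_aps(scan, known=KNOWN_APS):
    """Return [(bssid, [reasons])] for APs that claim a trusted SSID
    but differ from the inventory in BSSID or security mode."""
    findings = []
    for ssid, bssid, security, _signal in scan:
        if ssid not in known:
            continue  # not one of our networks, nothing to compare against
        expected_security, bssids = known[ssid]
        bssid = bssid.lower()  # scanners differ in the case they report
        reasons = []
        if bssid not in bssids:
            reasons.append("unknown BSSID")
        if security != expected_security:
            reasons.append(f"security {security}, expected {expected_security}")
        if reasons:
            findings.append((bssid, reasons))
    return findings


if __name__ == "__main__":
    for bssid, reasons in find_suspect_aps(SAMPLE_SCAN):
        print(f"SUSPECT {bssid}: {'; '.join(reasons)}")
```

A BSSID can be copied, so an inventory check of this kind only catches twins that differ from the real radios; the client validating the network's identity before sending credentials remains the stronger control.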
Some of the most widely used forms of MITM attacks are ARP cache poisoning, DNS spoofing, HTTP session hijacking, passing the hash, and more.