loading
Loading content
loading
Also known as MITM, on-path attack
In a man-in-the-middle attack, the attacker positions themselves on the path between two communicating parties and relays the traffic while reading or modifying it. Each side believes it talks directly to the other. The attacker can harvest credentials, inject content, downgrade encryption, or silently observe a session, depending on the goal.
Attackers reach that position through several means: ARP spoofing on a local network, a rogue Wi-Fi access point, DNS poisoning, or BGP hijacking at the routing layer. On a network they have already mapped, an attacker uses this foothold to capture credentials that enable lateral movement deeper into the environment.
TLS/SSL is the primary defense, since proper certificate validation lets a client detect an interloper and refuse the connection. The classic MITM failures come from missing validation, accepted self-signed certificates, or a forced downgrade to cleartext. Captured credentials from an MITM also feed offline attacks like credential stuffing against other services.
In a Trickest workflow, MITM exposure shows up as a finding rather than an action: you scan for services that accept weak or expired certificates, flag plaintext protocols on a host, and correlate the results with network mapping to show where interception would be feasible.
Related terms