What is a Man-in-the-Middle Attack?

Turkish: MITM Saldırısı

A MITM attack intercepts traffic between two parties so an attacker can read, alter, or redirect communication without consent.

What is a Man-in-the-Middle Attack?

A MITM attack happens when an attacker places themselves between a user and the system the user thinks they are communicating with. It is not a useful feature; it is a confidentiality and integrity risk.

How Does It Happen?

An attacker may create a fake Wi-Fi network, use ARP spoofing on a local network, tamper with DNS responses, or trick a user into accepting a fraudulent certificate. If successful, the attacker may read passwords, session cookies, payment data, or API traffic. In some cases, they can also alter responses and guide the user toward a harmful action.

How to Reduce the Risk

Strong SSL/TLS configuration, HSTS, never disabling certificate validation, secure cookie settings, DNS protections, patched devices, and caution on untrusted networks are baseline controls. Certificate pinning can reduce some risks in mobile apps, but it requires an operational plan for certificate rotation.
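The HSTS and cookie controls listed above can be checked from a server's response headers. The following Python check is an added example, not part of the original page; the function names, the 180-day max-age threshold, and the sample headers are assumptions made for illustration.

```python
MIN_HSTS_AGE = 15552000  # assumed threshold: 180 days in seconds
def audit_hsts(value):
    """Findings for a Strict-Transport-Security value (None if header absent)."""
    if value is None:
        return ["HSTS header missing"]
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"')
    findings = []
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        findings.append("HSTS max-age missing or invalid: header is ignored")
    elif int(age) < MIN_HSTS_AGE:
        findings.append(f"HSTS max-age {age}s is below {MIN_HSTS_AGE}s")
    if "includesubdomains" not in directives:
        findings.append("HSTS lacks includeSubDomains")
    return findings

def audit_cookie(set_cookie):
    """Findings for one Set-Cookie header value."""
    pair, *attrs = [p.strip() for p in set_cookie.split(";")]
    name = pair.partition("=")[0]
    # Attribute names are case-insensitive; values are not needed for these checks.
    flags = {a.partition("=")[0].strip().lower() for a in attrs}
    findings = []
    if "secure" not in flags:
        findings.append(f"cookie {name}: no Secure flag, can be sent over plain HTTP")
    if "httponly" not in flags:
        findings.append(f"cookie {name}: no HttpOnly flag")
    return findings

def audit_response(headers):
    """headers: list of (name, value) pairs; names are matched case-insensitively."""
    hsts = next((v for k, v in headers if k.lower() == "strict-transport-security"), None)
    findings = audit_hsts(hsts)
    for k, v in headers:
        if k.lower() == "set-cookie":
            findings += audit_cookie(v)
    return findings

# Constructed sample response headers (not captured from a real site).
SAMPLE = [
    ("Strict-Transport-Security", "max-age=300"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Secure; HttpOnly; SameSite=Lax"),
]
if __name__ == "__main__": print("\n".join(audit_response(SAMPLE)))
```

For the constructed sample, the check reports a short max-age, a missing includeSubDomains directive, and a session cookie without the Secure flag.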

For teams working outside the corporate network, a VPN can help protect traffic. It is not enough by itself; user training, MFA, and endpoint security should be part of the same defense model.