A Man-In-The-Middle attack (often abbreviated MITM or MiM) is a type of malicious attack on the communication between two parties, often a client/server situation. In a man in the middle attack, a third party pretends to be the server that a client is trying to connect to, and when the client connects, sends it’s request to the actual server it wants to connect to. It takes the response the actual server sent back to it and sends it back to the client.
As far as the client is concerned, they can’t tell the difference – everything is behaving as if they were connected to the server itself. However – the man-in-the-middle is intercepting all data transmitted between the two parties on both sides, and can even manipulate the information as it’s being sent between the two of them.
So how do we defend against this kind of man-in-the-middle attack, and prevent the data theft and manipulation between the communicating parties? Public Key Encryption is used almost exclusively to combat this kind of malicious attack. By negotiating a key in the clear and then encrypting messages going forward, you can ensure that any eavesdroppers between you and your destination can not gain access to your information.