A Man in the Middle (MITM) attack is the type of attack in which the attacker sets himself in the middle of the communication line between two parties, usually a client and a server. This is done by breaking the original channel and then intercepting messages from one party and relaying them (sometimes with alterations) to the other.

Let's look at the following example:

Alice is connected to a web server and Bob wants to know what information Alice is sending so Bob sets up a MITM attack by telling the server he is Alice and telling Alice he is the server. Now, all Alice's requests will go to Bob and Bob will resend them (altered or not) to the web server, doing the same with the server's responses. In this way, Bob will be able to intercept, read and modify all traffic between Alice and the server.

Although MITM attacks are not specifically web attacks, it is important for any penetration tester to know about them, how to perform them and how to prevent them as they can be used to steal passwords, hijack sessions, or perform unauthorized operations in web applications.

In this chapter, we will set up a Man in the Middle attack and use it to get information and carry out more sophisticated attacks.