What is a Man-in-the-middle attack?
An attack where an attacker relays all messages back and forth between a client and server. During the attack, messagesmay be changed or simply recorded for later use.
An example of this attack is where a victim contacts a web server that is controlled by an attacker, thinking that this is his bank. The web server then immediately establishes a connection to the user's bank.
It send any information it receives from the bank to the victim, who thinks he received the information from the bank. Any information sent from the victim to the attacker's web server is immediately forwarded to the bank, who then thinks it receives the information from the user in question.
There is no noticeable delay, so this is not detectable. As the web server sends information back and forth, it may also save all the information it receives. While SSL may help protect against man-in-the-middle attacks, there are also ways by which an attacker can cause two sessions to be started by the victim at the same time, where one of them results in a connection with the bank and the other results in the theft of information sent to the bank.
Man-in-the-middle attacks can be performed by malware, whether residing on the victim's machine, on a router or access point he connects to, or on another machine on the Internet.
Read more at Woods LLP