[{"data":1,"prerenderedAt":79},["ShallowReactive",2],{"term-m\u002Fmitm":3,"related-m\u002Fmitm":60},{"id":4,"title":5,"acronym":5,"body":6,"category":39,"description":40,"difficulty":41,"extension":42,"letter":43,"meta":44,"navigation":45,"path":46,"related":47,"seo":53,"sitemap":54,"stem":57,"subcategory":58,"__hash__":59},"terms\u002Fterms\u002Fm\u002Fmitm.md","MITM",{"type":7,"value":8,"toc":32},"minimark",[9,14,18,22,25,29],[10,11,13],"h2",{"id":12},"eli5-the-vibe-check","ELI5 — The Vibe Check",[15,16,17],"p",{},"MITM stands for Man-in-the-Middle. An attacker silently sits between your browser and the server, eavesdropping on everything. If the connection isn't encrypted (no HTTPS), they see every byte. If they control a network, they can intercept even HTTPS if certificate validation is bypassed.",[10,19,21],{"id":20},"real-talk","Real Talk",[15,23,24],{},"MITM attacks are categorized by technique: SSL stripping (downgrading HTTPS to HTTP), SSL interception (with a forged certificate), and BGP hijacking (routing-level). Mobile apps are especially vulnerable if they disable certificate validation. Burp Suite is a common MITM proxy used in penetration testing.",[10,26,28],{"id":27},"when-youll-hear-this","When You'll Hear This",[15,30,31],{},"\"Burp Suite acts as a MITM proxy during security testing.\" \u002F \"The mobile app was vulnerable to MITM due to disabled certificate validation.\"",{"title":33,"searchDepth":34,"depth":34,"links":35},"",2,[36,37,38],{"id":12,"depth":34,"text":13},{"id":20,"depth":34,"text":21},{"id":27,"depth":34,"text":28},"security","MITM stands for Man-in-the-Middle. An attacker silently sits between your browser and the server, eavesdropping on everything.","intermediate","md","m",{},true,"\u002Fterms\u002Fm\u002Fmitm",[48,49,50,51,52],"Man-in-the-Middle","TLS","HTTPS","Certificate","Penetration Testing",{"title":5,"description":40},{"changefreq":55,"priority":56},"weekly",0.7,"terms\u002Fm\u002Fmitm",null,"k4w4r2fEwGtnhiFx0lrYDJzF1mvtVZsXK1Mtf5hj40U",[61,64,70,73,76],{"title":51,"path":62,"acronym":58,"category":39,"difficulty":41,"description":63},"\u002Fterms\u002Fc\u002Fcertificate","A certificate is a digital ID card for a website, signed by a trusted authority.",{"title":50,"path":65,"acronym":66,"category":67,"difficulty":68,"description":69},"\u002Fterms\u002Fh\u002Fhttps","HyperText Transfer Protocol Secure","networking","beginner","HTTPS is HTTP but with a bodyguard. All the data flying between your browser and the website is scrambled so nobody can spy on it.",{"title":48,"path":71,"acronym":5,"category":39,"difficulty":41,"description":72},"\u002Fterms\u002Fm\u002Fman-in-the-middle","A man-in-the-middle attack is when a hacker secretly sits between you and the website you're talking to, reading and possibly changing everything you send...",{"title":52,"path":74,"acronym":58,"category":39,"difficulty":41,"description":75},"\u002Fterms\u002Fp\u002Fpenetration-testing","Penetration testing (pentesting) is hiring ethical hackers to try to break into your own systems before the real bad guys do.",{"title":49,"path":77,"acronym":49,"category":39,"difficulty":41,"description":78},"\u002Fterms\u002Ft\u002Ftls","TLS (Transport Layer Security) is the updated, actually-secure version of SSL. It's the technology that puts the padlock in your browser's address bar.",1776518293755]