MITM

In MITM (Man-in-the-Middle) attacks, the attacker intercepts and manipulates data transmitted between two parties, such as a server and a client (e.g., a web browser).

Using plain HTTP is like running around in public without clothes: everything you submit or download is visible to an attacker sitting anywhere on the network path between you and the server. In recent years, browsers have started to mark HTTP websites as "not secure".

Always use HTTPS to encrypt communications between your web server and users.

Here's how HTTPS works to prevent MITM attacks:

  1. When a client connects to a server using HTTPS, the two initiate a TLS handshake. During this process, the server presents its SSL/TLS certificate to the client (your browser).

  2. Your browser checks that the certificate is valid (current, and issued for the site it is connecting to) and that it was issued by a trusted CA (Certificate Authority). A certificate that fails this check is refused, and the connection is not made.

  3. If the certificate is valid, your browser and the server establish a secure connection using encryption.

  4. Data is transmitted between your browser and the server over that encrypted channel, so an attacker on the path can neither read it nor silently alter it.
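Step 2 is the one that actually defeats an interceptor, so here is an added Go example (not code from the original page) that shows it: it mints a throwaway self-signed certificate, which is all an interceptor could present since no trusted CA vouches for it, and runs the TLS handshake entirely in memory against a client that was told to trust the certificate, a default client, and a client with verification switched off. The server name `mitm-demo.example` is a constructed placeholder.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

const Host = "mitm-demo.example" // hypothetical server name on the demo certificate

// handshake runs one TLS handshake over an in-memory pipe (no sockets) and
// reports whether the client accepted the certificate the server presented.
func handshake(client *tls.Config, cert tls.Certificate) bool {
	cp, sp := net.Pipe()
	srv := tls.Server(sp, &tls.Config{Certificates: []tls.Certificate{cert}})
	go func() { _ = srv.Handshake(); sp.Close() }() // server: present cert, then hang up
	defer cp.Close()
	return tls.Client(cp, client).Handshake() == nil
}

// Verdicts mints a self-signed certificate for Host (no trusted CA vouches for
// it, just like an interceptor's) and runs step 2 of the handshake three ways.
func Verdicts() (trusted, strict, insecure bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{Host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return
	}
	leaf, _ := x509.ParseCertificate(der) // DER we just produced, so this parses
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // a client told to trust exactly this cert (private CA, pinning)
	trusted = handshake(&tls.Config{ServerName: Host, RootCAs: pool}, cert)
	strict = handshake(&tls.Config{ServerName: Host}, cert)           // system CAs only: refused
	insecure = handshake(&tls.Config{InsecureSkipVerify: true}, cert) // the weak setting: accepted
	return
}
```

Call `Verdicts()` from a test or a `main`; the expected result is `trusted=true, strict=false, insecure=true`, i.e. only the client that skips verification lets the untrusted certificate through.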