Man-In-The-Middle


The term man-in-the-middle denotes an attack on encrypted communication in a computer network. A third host places itself between two or more communication partners, transparently forwards the digital information like a gateway, and spies on it at the same time. The sender and the recipient do not know that a third host sits between them and that they are not actually communicating directly. This type of attack is called a man-in-the-middle attack (abbreviated MITM attack). The most common targets are secured SSL connections, such as in online banking.

Characteristics

In a man-in-the-middle attack, the attacker has full control of the information exchanged between two or more communication partners. This allows the attacker to read, influence, and manipulate the information. The attacker impersonates each communication partner to the other and can thereby insert themselves into the communication channel. The information between the two hosts is encrypted, but it is decrypted by the attacker and then passed on (see also proxy server).

Examples

  • Two communication partners A and B are in the same subnet. The "man-in-the-middle" sends each of the two hosts the attacker's own MAC address paired with the IP address of the respective other party. The computers of hosts A and B then connect to the attacker’s computer, while A and B believe they are connected directly.
  • Phishing attacks through emails that redirect to fake websites.
  • Phishing kits or e-banking
  • Travel portals that are not actually travel portals but offer cheap flights. The customer enters their account number and bank code on the fake website.
  • “Dialer attacks” are classic “man-in-the-middle attacks.”

Attacks on https connections

An invisible attacker can even attack encrypted https connections. In this case, the attacker must decrypt the information, read it, and then pass it on in encrypted form to each of the two parties. This form of attack succeeds if the data packets are encrypted without properly signed certificates (for example, when fake SSL certificates are used).

Impact on search engine optimization

Webmasters and SEOs are increasingly encouraged to make their websites more secure. Google has treated SSL encryption as a ranking factor since August 2014. If this encryption technique is used, the risk of a man-in-the-middle attack is lower than without encryption.

To ensure that users are sufficiently protected against attacks, website operators should also regularly update their software and servers so that no third party can hack into the traffic between servers and clients. In addition to SSL encryption, Google also monitors for security violations and warns webmasters if their website has been hacked, provided it is registered with Google Search Console.