The man-in-the-middle attack is a type of session hijacking that interrupts the TCP session between the client and the server. In this type of attack, the attackers monitor the communication between two end-users and modifies the information. This attack also requires an ability for accessing network packets over the computer network. The hijacking of the running session, theft of sensible information, traffic analysis to obtain information about the network, or corrupting the transmitted data to the server are the main objectives of this attack.
Any person can be man-in-the-middle attacker who is working for an Internet Service Provider (ISP) since they have the authority to access the network packets of the entire network. The attacker can use routing, sniffing and transport protocols for implementing this attack. For example, if two people or parties are communicating with each other, the malicious attacker can get into the conversation and gain access to the information that is being exchanged between the two persons or parties. The attacker can change the original message of the sender by controlling communication. The attacker can gain access to the information or can modify the original message in such a way that both the sender and receiver remain unaware of it until it becomes too late.