Man-in-the-middle is an attack in which the attacker intercepts the message when the public keys are being exchanged and replaces the original key with his own public key, so that the 2 parties still appear to be communicating with each other.
Let us understand this concept with the help of an example. Suppose you are an employee of an MNC with a billion-dollar turnover. The company has strict policies with regard to its employees and monitors every mail message of its employees, or inspects the traffic for the presence of malware or secure information related to the company.
In order to monitor the traffic, the company breaks into the SSL/TLS connection with the use of an SSL proxy, such as ProxySG. The proxy intercepts the traffic between a user and the outside world. When the user browses to a secure site, the proxy fetches the digital certificate on behalf of the user, creates a fake digital certificate dynamically and presents it to the user. The user receives an error message notifying them that the digital certificate is not legitimate. The user clicks on the message without even knowing what actually happened.
However, if the company had taken steps to ensure that the user’s browser sees the digital certificate as a trusted one, then the user would not have seen the message. Behind the scenes, 2 successful and secure SSL/TLS connections have been established: one between the proxy and the server, the other between the user and the proxy. On the proxy, the information can be viewed as plain text. This information is then searched for predefined keywords or malware.
Similarly, attackers could intercept a secure web connection using a proxy tool. A single tool available for free can help an attacker intercept a secure web connection.
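When the proxy's certificate is trusted by the browser, no warning appears, so the remaining visible sign is the certificate itself: the leaf presented to the user is a different certificate, signed by a different issuer, from the one the server actually sent. The following is an added example, not part of the original text, that compares the certificate seen locally with a reference taken from an uninspected vantage point; the function names, the result labels and the sample values are assumptions made for illustration.

```python
import hashlib
import socket
import ssl


def issuer_fields(cert):
    """Flatten the 'issuer' RDN tuples of an ssl.getpeercert() dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def observe(host, port=443, timeout=5):
    """Return (SHA-256 of leaf DER, issuer fields) as accepted by the local trust store."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return hashlib.sha256(der).hexdigest(), issuer_fields(tls.getpeercert())


def classify(observed, reference):
    """Compare what this machine saw with an out-of-band reference observation."""
    seen_fp, seen_issuer = observed
    ref_fp, ref_issuer = reference
    if seen_fp == ref_fp:
        return "direct"                  # same leaf certificate end to end
    if seen_issuer == ref_issuer:
        return "same-issuer-new-leaf"    # renewal or several certs in rotation
    # Leaf differs AND was signed by another CA: the pattern an inspecting
    # proxy produces (a site that changed CA looks the same, so verify).
    return "possible-interception"


# Constructed sample observations (stand-in bytes, not real certificates).
REFERENCE = (
    hashlib.sha256(b"origin-leaf-der").hexdigest(),
    {"organizationName": "Example Public CA", "commonName": "Example Public CA R1"},
)
VIA_PROXY = (
    hashlib.sha256(b"proxy-minted-leaf-der").hexdigest(),
    {"organizationName": "Example Corp", "commonName": "Example Corp TLS Inspection CA"},
)

if __name__ == "__main__":
    print(classify(REFERENCE, REFERENCE))
    print(classify(VIA_PROXY, REFERENCE))
```

In live use, `observe()` is run on the machine under test and its result is compared with a fingerprint and issuer recorded for the same host from a network that is known not to be inspected.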