What is AiTM?
An Adversary-in-the-Middle (AiTM) attack is an identity theft method where an attacker uses a reverse proxy to intercept communication between a user and a legitimate service in real time. This type of phishing is especially dangerous because it captures session cookies and bypasses Multi-Factor Authentication (MFA), including number matching. AiTM attacks represent a significant escalation in threats targeting cloud and SaaS environments.

Adversary in the Middle Defined
Imagine you are logging into a critical corporate application. In a typical attack, a malicious actor might send you a fake login page (standard phishing). In an AiTM attack, the attacker doesn't just send you a fake page - they set up a transparent relay, or proxy server, that sits between your browser and the real application.
When you click the malicious link, your browser talks to the attacker's server, which at the same time talks to the real service for you. The attacker captures everything you send: your username, password, and one-time MFA code. When the service lets you in, it sends a session cookie. The attacker grabs this cookie and uses it right away to take over your session without permission.
This is a phishing proxy attack that turns a simple credential theft into a full-blown session hijacking event, often before the user even realizes their credentials were stolen.
How AiTM Differs from a Traditional Man in the Middle (MITM) Attack
While the names sound similar, the modern AiTM attack is fundamentally an evolution of the traditional Man in the Middle (MITM) technique, tailored to bypass modern security controls.
| Feature | Adversary in the Middle (AiTM) | Traditional Man in the Middle (MITM) |
|---|---|---|
| Primary Goal | Steal session cookies for MFA bypass and identity-based attacks. | Eavesdrop, inject malicious code, or modify data in transit. |
| Key Technique | Reverse Proxy or Phishing Proxy. | ARP spoofing, DNS cache poisoning, or Wi-Fi eavesdropping. |
| Target Layer | Authentication and Identity layer (HTTPS). | Network and Transport layers (HTTP/TLS). |
| Success Criteria | Capturing the valid, post-authentication session cookie. | Breaking or intercepting TLS/SSL encryption. |
The biggest difference is the goal and scope. Traditional MITM attacks aim to break encryption or interfere with network traffic. AiTM is a more advanced phishing proxy attack at the application level. It doesn't break encryption but stays inside the encrypted session, acting like a real client to the service and a real service to the user. Its goal is to steal the most valuable part of a successful login: the valid session cookie.
How AiTM Attacks Work in Modern Identity and Authentication Flows
The AiTM attack model works by exploiting the standard mechanics of web authentication, particularly those relying on cookies for persistent sessions.
- Lure: The attacker sends a phishing email with a link to their reverse proxy server. The link looks like the real service (for example, login.microsoft.com) but actually routes through a fake site like login.evil-site.com.
- Proxy Setup: The user clicks the link. The attacker's server establishes two simultaneous, encrypted connections: one with the victim's browser and one with the legitimate service (e.g., Microsoft 365 or Google Workspace).
- Credential Capture: The user enters their username and password. The proxy captures these credentials and immediately passes them to the legitimate service.
- MFA Bypass: The service prompts for MFA. The user enters the one-time code or approves the push notification. The proxy captures the MFA response and passes it to the service. This is the critical moment: the MFA code is only valid for a short time, but the proxy captures and uses it instantly.
- Session Hijacking: Upon successful authentication, the legitimate service issues a new, authorized session cookie. The proxy intercepts this cookie before passing the subsequent web page back to the victim. The attacker saves the session cookie for later use, effectively hijacking the authenticated session.
The victim thinks they've logged in successfully, but the attacker now holds a valid, long-lasting session token that gives them quiet, instant access to cloud resources.
Real-World Attack Scenarios, Including MFA Bypass Cases
AiTM is not theoretical; it is a prevalent technique used by well-resourced threat actors for large-scale identity-based attacks.
Scenario 1: Cloud Email Compromise
An attacker targets a senior executive with an AiTM proxy built specifically for their organization's Microsoft 365 login.
- The executive receives an email about a "document sharing alert."
- They click the link, authenticate with username, password, and push-based MFA.
- The attacker's proxy steals the resulting session cookie.
- Later that night, the attacker uses the stolen cookie to bypass the executive's MFA and access their email. From there, they can set up forwarding rules, launch internal phishing attacks, and steal sensitive information. This is a classic example of MFA bypass.
Scenario 2: SaaS Application Access
A security engineer is targeted via a fraudulent alert regarding their internal GitLab repository.
- The engineer logs into the malicious proxy, which successfully authenticates them to GitLab using their credentials and time-based one-time password (TOTP).
- The session cookie is stolen.
- The attacker uses the stolen session to download source code, commit malicious code, or access sensitive intellectual property within the developer platform.
These real examples show why AiTM is so effective: it defeats MFA, the security measure many organizations depend on to protect their identities.
Why AiTM Attacks Are Increasing
The rise of the AiTM attack is a direct response to the widespread adoption of MFA and the shift to cloud infrastructure.
The Problem with MFA Alone
MFA worked well against simple credential theft. But traditional MFA assumes that providing two factors means you're the real user. AiTM breaks this assumption. Because the proxy is active during login, the attacker gets and uses the valid MFA token before it expires, effectively bypassing MFA.
Focus on Session Cookies
Modern cloud and SaaS platforms rely on long-lasting session cookies to keep users logged in for hours, days, or even weeks without re-authenticating. This cookie is the key to everything, and stealing it is the attacker's main goal in an AiTM attack.
Availability of Tooling
It's now much easier to carry out these phishing proxy attacks. Tools like Muraena and Evilginx are widely available, letting even less-skilled criminals set up reverse proxies tailored to popular cloud services.
To see an Evilginx-based AiTM attack in action - from phishing page setup through MFA bypass to lateral movement in Azure - try the Bypass Azure MFA with Evilginx lab on Pwned Labs.
Impact and Potential Consequences for Organizations
An AiTM attack can have serious consequences, often resulting in a breach across the entire organization.
Data Breach and IP Theft
The primary consequence is unauthorized access to cloud resources, leading to the theft of sensitive data, customer information, or intellectual property. Since many attacks target high-value users like administrators or executives, the volume and sensitivity of the exposed data can be immense.
Financial Fraud and Lateral Movement
With access to email, attackers can launch Business Email Compromise (BEC) attacks, often involving directing wire transfers to fraudulent accounts. The compromised session also allows for lateral movement, where the attacker can use the stolen identity to access other linked systems and services, potentially deploying ransomware or other malware.
Reputational Damage
A successful session hijack or MFA bypass damages trust in the organization's security, hurting its reputation with customers, partners, and regulators. The costs for incident response and fines can be very high.
Detection Methods and Defensive Best Practices
Defending against AiTM attacks requires a layered approach focusing on detection and moving beyond simple username/password plus MFA.
Phishing Education
Users must be trained to spot the subtle cues of a phishing proxy. Emphasize examining the full URL in the address bar, not just the text in the email. Even if the login page looks legitimate, the domain must be the legitimate service's domain.
Move to Phishing-Resistant MFA
The best defense is using phishing-resistant MFA like FIDO2 security keys (such as YubiKey) or certificate-based authentication. These methods link the session to a specific device and website, stopping attackers from using stolen cookies. The FIDO protocol is built to block proxies from relaying the key's response.
Session Monitoring and Conditional Access
Security teams (SOC analysts) must implement strong detection controls:
- Geographical Impossibility: Alert when a session's first login happens in one location but later activity using that session comes from a faraway location just minutes later.
- Token Replay Detection: Monitor for signs that a valid session cookie is being used from a new, unregistered, or anomalous user agent or IP address.
- Conditional Access Policies: Set rules that allow access only from trusted devices managed by the organization and from trusted network locations.
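Added example, not code from the original page or from Pwned Labs: the first two controls above expressed as detection logic over constructed sign-in and activity events correlated by session ID. Field names, the `session_id` key and the 900 km/h travel ceiling are assumptions.

```python
import json
import math
from datetime import datetime

# Constructed telemetry. Field names and the session_id correlation key are
# assumptions; real sign-in and activity logs differ in shape.
SAMPLE_LOG = """
{"ts":"2024-05-01T09:00:00Z","session_id":"S1","event":"login","user":"ceo@example.com","ip":"203.0.113.10","ua":"Edge/124 Windows","lat":51.50,"lon":-0.12}
{"ts":"2024-05-01T09:04:00Z","session_id":"S1","event":"mail.read","user":"ceo@example.com","ip":"203.0.113.10","ua":"Edge/124 Windows","lat":51.50,"lon":-0.12}
{"ts":"2024-05-01T09:12:00Z","session_id":"S1","event":"mail.rule.create","user":"ceo@example.com","ip":"198.51.100.7","ua":"python-requests/2.31","lat":40.71,"lon":-74.00}
{"ts":"2024-05-01T10:00:00Z","session_id":"S2","event":"login","user":"dev@example.com","ip":"192.0.2.5","ua":"Firefox/125 Linux","lat":48.85,"lon":2.35}
{"ts":"2024-05-01T10:30:00Z","session_id":"S2","event":"repo.clone","user":"dev@example.com","ip":"192.0.2.5","ua":"Firefox/125 Linux","lat":48.85,"lon":2.35}
"""

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def detect_session_anomalies(log_text, max_speed_kmh=900.0):
    """Correlate every event by session cookie/ID. Flags
    token_replay: the session is used from an IP or user agent not seen at login;
    impossible_travel: the implied speed between consecutive uses exceeds a
    commercial-flight ceiling (max_speed_kmh, an assumed threshold)."""
    alerts, sessions = [], {}
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        ev["t"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        sid = ev["session_id"]
        if sid not in sessions:
            sessions[sid] = {"login": ev, "last": ev}  # first sighting is the interactive login
            continue
        login, last = sessions[sid]["login"], sessions[sid]["last"]
        if ev["ip"] != login["ip"] or ev["ua"] != login["ua"]:
            alerts.append(("token_replay", sid, ev["event"], ev["ip"], ev["ua"]))
        hours = (ev["t"] - last["t"]).total_seconds() / 3600
        km = haversine_km(last["lat"], last["lon"], ev["lat"], ev["lon"])
        if hours > 0 and km / hours > max_speed_kmh:
            alerts.append(("impossible_travel", sid, ev["event"], round(km), round(hours, 2)))
        sessions[sid]["last"] = ev
    return alerts
```

On the constructed log, session S1 raises both alerts at the `mail.rule.create` event (a new IP and scripted user agent, and London to New York in eight minutes), while S2 stays quiet.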
Advanced Endpoint Protection
Deploy capable endpoint detection and response (EDR) solutions that can detect and block traffic directed to known suspicious or newly registered AiTM proxy domains.
Who Is Most at Risk from AiTM Attacks
While any organization using cloud services and traditional MFA is a potential target, certain groups face elevated risks from these identity-based attacks.
Cloud-First Organizations
Companies with heavy reliance on SaaS applications (Microsoft 365, Salesforce, ServiceNow) are prime targets. Their entire operational identity and data reside in these cloud environments, making the successful theft of a session cookie an immediate path to compromise.
High-Value Targets
Individuals whose compromise would yield the greatest financial or strategic advantage are consistently targeted. This includes:
- C-Level Executives: Due to access to strategic information and authorization for financial transactions.
- IT Administrators and Security Engineers: As they possess elevated privileges that can lead to large-scale compromise, such as granting persistent access to the entire cloud environment.
- Finance Department Personnel: Due to their involvement in payment processing and wire transfers.
For cybersecurity professionals and technical managers, the threat is clear: AiTM attacks are the top phishing danger right now. Defense strategies need to quickly evolve to stop MFA bypass and block unauthorized session hijacking.
Related Labs
Experience an AiTM attack chain from start to finish:
- Bypass Azure MFA with Evilginx - Deploy an Evilginx-based AiTM phishing proxy, intercept Azure AD authentication flows to capture session tokens despite MFA, and perform lateral movement within the target Azure environment.
Frequently Asked Questions
Is AiTM the same as a traditional MITM attack?
No. An AiTM attack is an advanced, application-layer phishing proxy attack that specifically targets identity and authentication flows, primarily to steal post-authentication session cookies and achieve MFA bypass. Traditional MITM usually focuses on network-level eavesdropping or traffic manipulation.
Why is MFA not effective against an AiTM attack?
An AiTM attack is conducted in real time. The attacker's proxy captures the legitimate, single-use MFA token or response while it is still valid and uses it immediately to complete the login on the victim's behalf, thus bypassing the protection.
What is the most effective defense against AiTM?
The most effective technical defense is moving to phishing-resistant MFA methods like FIDO2 security keys. These tokens tie the authentication to the specific origin site, making it impossible for the attacker's reverse proxy to successfully relay the authentication material.
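Added example, not from the original page or Pwned Labs, serving both the "Move to Phishing-Resistant MFA" section and this answer: the relying-party checks in WebAuthn assertion verification that tie the response to the real origin and RP ID. The two domains are the page's own; the challenge, helper names and authenticator data are constructed, and signature verification is left out.

```python
import base64
import hashlib
import json

# Constructed values; the two domains are the page's own examples.
REAL_ORIGIN, REAL_RP_ID = "https://login.microsoft.com", "login.microsoft.com"
PROXY_ORIGIN, PROXY_RP_ID = "https://login.evil-site.com", "login.evil-site.com"
CHALLENGE = "c29tZS1yYW5kb20tY2hhbGxlbmdl"  # constructed; a real RP issues a fresh random one

def b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))

def make_client_data(origin: str, challenge: str) -> str:
    """clientDataJSON as the browser builds it: the origin is the page that called
    navigator.credentials.get(); page script cannot override it."""
    raw = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin})
    return base64.urlsafe_b64encode(raw.encode()).rstrip(b"=").decode()

def make_auth_data(rp_id: str) -> bytes:
    """Authenticator data prefix: rpIdHash (32 bytes) || flags (UP) || signCount."""
    return hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (0).to_bytes(4, "big")

def verify_assertion_binding(client_data_b64: str, auth_data: bytes,
                             expected_origin: str, rp_id: str,
                             expected_challenge: str) -> bool:
    """The relying-party checks that defeat a relay. The signature check over
    authData || sha256(clientDataJSON) is omitted; a real RP does it after these."""
    cd = json.loads(b64url_decode(client_data_b64))
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != expected_challenge:
        return False  # wrong ceremony, or a replayed/stale challenge
    if cd.get("origin") != expected_origin:
        return False  # browser was on another origin (the phishing proxy)
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return False  # credential scoped to a different RP ID
    return True

def demo():
    """Same challenge, relayed through the proxy: the browser on login.evil-site.com
    can only produce the attacker's origin and RP ID, so the RP rejects it."""
    legit = verify_assertion_binding(make_client_data(REAL_ORIGIN, CHALLENGE),
                                     make_auth_data(REAL_RP_ID),
                                     REAL_ORIGIN, REAL_RP_ID, CHALLENGE)
    relayed = verify_assertion_binding(make_client_data(PROXY_ORIGIN, CHALLENGE),
                                       make_auth_data(PROXY_RP_ID),
                                       REAL_ORIGIN, REAL_RP_ID, CHALLENGE)
    return legit, relayed
```

A browser also refuses to use an RP ID that is not a registrable suffix of the page's own origin, so the proxy cannot simply ask for `login.microsoft.com` while serving from its own domain.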
Are only large companies targeted by AiTM?
No. While major threat groups often target large enterprises, the availability of low-cost AiTM tooling means that organizations of any size are at risk of this session hijacking technique, especially if they rely on less secure forms of MFA.
How do AiTM attacks target cloud environments?
Adversary in the Middle attacks are highly effective in cloud and SaaS environments because these services rely on long-lived session cookies for user convenience. Stealing this cookie is the goal, as it grants persistent access to email, storage, and other cloud applications without requiring the attacker to re-authenticate.