What is a Man-in-the-middle Attack?
Man-in-the-middle attacks occur when an attacker forces a client to connect to a server other than the one that the client intended to connect to.
By injecting a fake root certificate into the Windows certificate store, malicious actors can often fool browsers into trusting a connection to a server operated by an attacker. This is known as certificate root poisoning and is the most commonly used technique for launching man-in-the-middle attacks. If successful, all data sent from your browser would be routed through the attacker’s server. The following diagram shows a typical man-in-the-middle attack:
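To check a machine for the root poisoning described above, the trusted-root stores can be compared against a known-good list. This is an added example, not part of the original page; the baseline file name and its one-thumbprint-per-line format are assumptions.

```powershell
# Added example: audit the Windows trusted-root stores for unexpected roots.
# ASSUMPTION: $BaselinePath is a hypothetical text file of known-good root
# thumbprints (one per line) exported from a clean reference machine.
$BaselinePath = '.\root-baseline.txt'

# Load and normalise the baseline; if the file is absent the check is skipped.
$baseline = @()
if (Test-Path -LiteralPath $BaselinePath) {
    $baseline = @(Get-Content -LiteralPath $BaselinePath |
        ForEach-Object { $_.Trim().ToUpperInvariant() } |
        Where-Object { $_ })
}

# Machine-wide trusted roots.
$machine = @(Get-ChildItem -Path Cert:\LocalMachine\Root)
$machineThumbs = @($machine | ForEach-Object { $_.Thumbprint })

# Roots visible in the current user's store but absent from the machine store.
$userOnly = @(Get-ChildItem -Path Cert:\CurrentUser\Root |
    Where-Object { $_.Thumbprint -notin $machineThumbs })

$findings = foreach ($cert in ($machine + $userOnly)) {
    $reasons = @()
    if ($baseline.Count -gt 0 -and $cert.Thumbprint -notin $baseline) {
        $reasons += 'not in baseline'
    }
    if ($cert.Thumbprint -notin $machineThumbs) {
        $reasons += 'trusted for current user only'
    }
    if ($cert.HasPrivateKey) {
        # A trusted root whose private key sits on the endpoint can sign
        # certificates for any site locally.
        $reasons += 'private key stored on this machine'
    }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            NotBefore  = $cert.NotBefore
            Reasons    = $reasons -join '; '
        }
    }
}

# Each finding is a root to verify by hand before trusting or removing it.
$findings | Sort-Object Subject | Format-List
```

A flagged entry is not proof of compromise: corporate TLS inspection proxies and some development tools also install their own roots, so each finding needs to be matched to a known owner.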