/ ANNOUNCEMENT — APR 29, 2026

Man-in-the-middle, covered end to end.

You can’t detect “a MITM” directly — it’s a goal, not a technique. So we shipped the detectors for every road that leads to it, and tied them together.

With ARP, evil-twin, and DNS detection all shipped, WifiThreatWatch now covers the man-in-the-middle attack end to end — not as a single magic “MITM detector,” but by catching the concrete techniques that create one, verifying they’re live, and breaking the attacker’s targeting.

A man-in-the-middle isn’t one attack. It’s a destination — with three roads leading in.
/ THE IDEA

Detect the technique, not the abstraction

“Man-in-the-middle” is the umbrella term for any attack that puts an adversary between you and the internet. ARP spoofing, evil twins, and rogue DNS are different roads to the same place. So rather than looking for a MITM in the abstract, we detect the fingerprints each road leaves.

YOUINTERNETdirectADVERSARYreading as it passes
MAN IN THE MIDDLEthe same connection, re-routed so your traffic passes through the adversary
/ THE GAP WE CLOSE

Why a VPN alone leaves the door open

Encryption protects the contents of your traffic, but a man-in-the-middle still owns your path — they see metadata and destinations, can attempt downgrades, and can interfere. That’s the exact gap WifiThreatWatch exists to close: not hiding your data around an attacker, but telling you the attacker is there.

YOUyour deviceATTACKERin the middleNETthe internetsees: path · metadata · timingcontents stay encrypted — but still routed through them
ENCRYPTED, STILL ROUTEDa VPN hides what you send — not the fact that an attacker is on your path
/ THE RESPONSE

Remove the target, then encrypt

Detection is half the story. When an attack is confirmed, Active Defense removes what the attacker is targeting: it disconnects, randomizes your MAC and IP, reconnects with a clean identity, and only then brings up the encrypted tunnel — re-changing identity up to five times if the attacker keeps coming. The order is the point.

ATTACKER TARGETLOCKED
MACde:ad:be:ef
IP192.168.0.42
IDENTITY RESETa fresh MAC and IP break the attacker's lock before the tunnel comes up
/ THE PRICE

Detection is free

Detecting the techniques behind a man-in-the-middle ships in the free version. The Active Defense response — removing the target and bringing up the tunnel — is the part a subscription covers.

FREE FOREVERReal-time detection of the techniques behind MITM is free, for Windows.

Read more: the MITM threat page · how to detect a MITM · the Active Defense flow

Close the door a VPN leaves open.
Detection is free.