These attacks are especially successful on sites that require secure authentication with a public key and a private key, like online banking and e-commerce sites, as these give attackers easy access to users’ login credentials and other confidential information.

The attack is usually carried out in two steps: data interception and decryption. In this first step the attacker will find a way to intercept data between the client (user’s browser) and server (web site).

Hackers use several deceptive tactics in order to maintain control over intercepted communications such as IP address spoofing, DNS cache poisoning, or ARP spoofing. The next step is decrypting any encrypted messages that have been intercepted in order to gain access even more sensitive information from the transmitted context.

More info: What Exactly Is A Connectionless Protocol?