Yes, back when I was playing around with my WiFi pineapple there were a wide variety of tricks to break SSL authentication without it being obvious to users. Easiest was to terminate the SSL connection on the pineapple and re-encrypt it with a new SSL cert from there to the users browser, so to the user it looked like everything was secure but in reality their traffic was only encrypted from them to the pineapple, then decrypted, sniffed and re-encrypted to pass along to the target websites with normal SSL.
Man in the middle attacks really do give the attacker tons of options
Not often. For web browsing - and the majority of apps - your session is encrypted and certified. Breaking SSL is possible but you’ll know about it due to the lack of certs.
Does this matter if the traffic is encrypted, such as an https website instead of http? Like, really how often is internet traffic unencrypted?
Yes, back when I was playing around with my WiFi pineapple there were a wide variety of tricks to break SSL authentication without it being obvious to users. Easiest was to terminate the SSL connection on the pineapple and re-encrypt it with a new SSL cert from there to the users browser, so to the user it looked like everything was secure but in reality their traffic was only encrypted from them to the pineapple, then decrypted, sniffed and re-encrypted to pass along to the target websites with normal SSL.
Man in the middle attacks really do give the attacker tons of options
Not often. For web browsing - and the majority of apps - your session is encrypted and certified. Breaking SSL is possible but you’ll know about it due to the lack of certs.