Man-in-the-middle attacks on applications