Another form of man-in-the-middle attack happens when a hacker manages to stage an SSL stripping scheme against the victim. As we mentioned previously, hackers can’t break into legitimate HTTPS traffic between a client and a server even if they manage to intercept and relay the communications.
In the case of SSL stripping, the attackers downgrade the communications between the client and server into unencrypted format to be able to stage a MitM attack.
When a victim wants to connect to a server, the attacker intercepts the request and creates an independent, legitimate connection to the server through HTTPS protocol. When attackers receive the server’s response, they relay it to the victim in unencrypted format, posing as the server. Thinking they’re communicating with the legitimate party, the victim will continue to send information to the attacker, who will then relay it to the server in HTTPS.
Wary users will notice that they’ve been targeted by an SSL stripping attack if they look in their browser’s address bar and see that they’re connected through the unencrypted HTTP protocol. You can also install HTTPS Everywhere, a browser extension that enforces HTTPS communication wherever possible. HTTPS Everywhere will prevent an uninvited party from downgrading your communications to HTTP.
Another measure to protect against SSL stripping is to make sure your local network is secure and unauthorized parties don’t have access to it. SSL hijacking requires access to your local network. At the corporate level, setting up strong firewalls will also prevent outside parties from gaining access to your local network and moving laterally to stage MitM attacks.
The most common way of creating an SSL Striping man in the middle attack are:
1) Manually set the proxy of the browser to route all traffic
2) Address Resolution Protocol (ARP) Poisoning
3) Create a Hotspot and allow the victims connect to it
1) Enable SSL site wide – HTTPS only
2) Enable HSTS -HTTP Strict Transport Security
3) Enable Cert Pinning
4) Enable secure cookies,: ensure that all cookies are served with the secure attribute, so that your user’s browsers will only send those cookies back over SSL-protected connections and never disclose them over any non-SSL (HTTP) link.
5) Disable non-SSL access (HTTP) or redirect users to the SSL version of the web site.