The Secret Security Wiki


SSL Stripping

Another form of man-in-the-middle attack is SSL stripping. As we mentioned previously, an attacker who intercepts and relays a legitimate HTTPS session between a client and a server cannot read or alter it without a certificate the client trusts.

In an SSL stripping attack, the attacker therefore does not try to break the encryption at all. Instead, the connection between the victim and the attacker is downgraded to plain HTTP, so the traffic the attacker handles is unencrypted and can be read and modified at will, while the attacker keeps a normal HTTPS connection to the real server.

The attack relies on the victim's first request being sent over plain HTTP, which is common: the user types a hostname without a scheme, follows an old http:// link, or is redirected by the site from http:// to https://. The attacker, already positioned between the victim and the network, intercepts that plaintext request, opens its own legitimate HTTPS connection to the server and fetches the page. In the copy handed back to the victim, every https:// link and redirect is rewritten to http://, and the server's security headers that would force HTTPS are removed. Believing they are talking to the site, the victim keeps submitting forms and credentials over HTTP to the attacker, who reads them and forwards them to the server over HTTPS, so the site itself sees nothing unusual.

Wary users can notice an SSL stripping attack by looking at the browser's address bar: the page is served over plain HTTP, there is no padlock, and current browsers label the page "Not secure". The more reliable protection is to never send the plaintext request in the first place. The major browsers now ship an HTTPS-only (or HTTPS-first) mode that upgrades every http:// URL before it leaves the machine; the older HTTPS Everywhere extension did the same job and has since been retired by the EFF in favour of these built-in modes. On the server side, HTTP Strict Transport Security (HSTS) tells the browser, via a Strict-Transport-Security header sent over HTTPS, to refuse plain HTTP for that host in future, and the HSTS preload list built into browsers closes the gap for the very first visit. An attacker can only strip a connection the browser was willing to make in plaintext, so either measure removes the opening the attack depends on.
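The two paragraphs above describe the stripping proxy and the client-side defences in prose. The following is an added, self-contained simulation (example code written for this page, not code from the wiki or from any real proxy tool) that models both ends offline: a constructed origin at the made-up host bank.example, an attacker that rewrites https:// to http:// and drops the HSTS header, and a minimal browser model with an HTTPS-only switch and an HSTS host list. All names, headers and page content are assumptions for the example; nothing touches the network.

```python
"""Offline simulation of SSL stripping and the defences that defeat it
(HSTS and an HTTPS-only mode). Constructed example, not code from the wiki
page; bank.example, its page and its headers are made up, and nothing
touches the network."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit, urlunsplit


@dataclass
class Response:
    status: int
    headers: dict
    body: str


def to_https(url: str) -> str:
    """Return the same URL with the scheme forced to https."""
    parts = urlsplit(url)
    return urlunsplit(("https",) + tuple(parts[1:]))


def origin_server(url: str) -> Response:
    """Constructed origin: plain HTTP is redirected to HTTPS; the HTTPS page
    carries an absolute https:// link and an HSTS header."""
    if urlsplit(url).scheme == "http":
        return Response(301, {"Location": to_https(url)}, "")
    return Response(200,
                    {"Strict-Transport-Security": "max-age=31536000"},
                    '<a href="https://bank.example/login">Log in</a>')


def stripping_proxy(url: str) -> Response:
    """Attacker in the middle. It talks HTTPS to the origin itself, then hands
    the victim a plaintext copy: https:// links and redirects are rewritten to
    http:// and the HSTS header is dropped so the browser never learns it."""
    upstream = origin_server(to_https(url))
    headers = {k: v for k, v in upstream.headers.items()
               if k.lower() != "strict-transport-security"}
    if "Location" in headers:
        headers["Location"] = headers["Location"].replace("https://", "http://", 1)
    return Response(upstream.status, headers,
                    upstream.body.replace("https://", "http://"))


def hostile_network(url: str) -> Response:
    """An on-path attacker can only tamper with plaintext; HTTPS requests reach
    the origin intact (the example assumes no forged certificate)."""
    return stripping_proxy(url) if urlsplit(url).scheme == "http" else origin_server(url)


@dataclass
class Browser:
    https_only: bool = False                      # HTTPS-only / HTTPS-first mode
    hsts_hosts: set = field(default_factory=set)  # preloaded or learned HSTS hosts

    def fetch(self, url: str, network) -> tuple:
        parts = urlsplit(url)
        if parts.scheme == "http" and (self.https_only or parts.hostname in self.hsts_hosts):
            url = to_https(url)                   # upgrade before anything leaves the host
        resp = network(url)
        # HSTS is only honoured over HTTPS, so a stripped plaintext reply can neither set nor clear it
        if urlsplit(url).scheme == "https" and "Strict-Transport-Security" in resp.headers:
            self.hsts_hosts.add(parts.hostname)
        return url, resp


def unprotected_first_visit() -> tuple:
    """Victim types bank.example (browser defaults to http://) on a hostile
    network with no prior knowledge of the site: the stripper wins, and the
    browser learns no HSTS policy because the header never arrived over HTTPS."""
    b = Browser()
    url, resp = b.fetch("http://bank.example/", hostile_network)
    return url, resp.body, "bank.example" in b.hsts_hosts


def hsts_learned_on_clean_network() -> tuple:
    """An earlier HTTPS visit on a clean network taught the browser the HSTS
    policy, so the later http:// request is upgraded locally and the attacker
    only ever sees TLS."""
    b = Browser()
    b.fetch("https://bank.example/", origin_server)
    url, resp = b.fetch("http://bank.example/", hostile_network)
    return url, resp.body


def https_only_mode() -> tuple:
    """HTTPS-only mode needs no prior visit: every http:// URL is upgraded."""
    b = Browser(https_only=True)
    url, resp = b.fetch("http://bank.example/", hostile_network)
    return url, resp.body


if __name__ == "__main__":
    for scenario in (unprotected_first_visit, hsts_learned_on_clean_network, https_only_mode):
        print(scenario.__name__, scenario())
```

The first scenario is the trust-on-first-use gap that the HSTS preload list exists to close: a host the browser has never seen over HTTPS can still be stripped, and the stripped reply carries no HSTS header to fix that for next time. The other two show that once the upgrade happens inside the browser, the plaintext request the attack needs is never sent.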

Another measure against SSL stripping is to deny attackers the position they need. SSL stripping only works when the attacker is on the path between the victim and the server: on the same local network (for example by ARP spoofing the gateway), running a rogue Wi-Fi access point, or controlling a compromised router. Keeping untrusted devices off your local network, and being cautious on public Wi-Fi, removes most of these opportunities. At the corporate level, firewalls and network segmentation keep outside parties from reaching the internal network and moving laterally to a point where they can stage MitM attacks, while switch-level protections such as dynamic ARP inspection limit what an attacker who is already inside can do.