What is SSL stripping and how to avoid it?

  • What is SSL Stripping

     

    SSL Stripping, also known as an SSL Downgrade attack, is, in simple terms, high-tech, undetected eavesdropping.
    The aim of an SSL Stripping attack is always to kill secure communication without the victim realizing. It’s all about data collection and manipulation.
    SSL Stripping allows attackers to downgrade your connection from secure HTTPS to insecure HTTP. This, in turn, leaves you vulnerable to spying and data manipulation.
    It is somewhat similar to wiretapping, just a little more technical.
    Both wiretapping and SSL Stripping have a ‘man-in-the-middle’ – the person who does the eavesdropping. In this case, it’s the hacker, who creates a proxy server that intercepts and reroutes the traffic from a victim’s computer to theirs. They can then use the intercepted information to do just about anything they want.
    Users will often not realize their information is being or has been compromised, because they end up on a page that looks practically the same as the one they were looking for.
    That’s how SSL Stripping tricks users into believing their connection is secure and their data encrypted, when the connection is actually insecure and the data is sent in plain text, because the encryption has been stripped from it. That’s why it is called SSL ‘strip’.

    How does SSL stripping work?

    SSL Stripping thrives in threes. An attack cannot happen without three required entities present.
    There has to be:
    • The victim’s system
    • A secure web server
    • The attacker’s system
    With those three pieces in place, the wheel of deception starts spinning.
    Here’s an example.
    Jane is trying to buy a pair of shoes through a secure, HTTPS-enabled website.
    John - the hacker - realizes this and wants to capture the communication and see Jane’s confidential information. Think credit card number, passwords, etc.
    To do this, John puts himself in the middle of the transaction, by establishing a connection with the victim. This then cuts Jane’s communication with the secure server.
    Jane, unaware of what’s happening, continues her shopping; finds the shoes she likes and proceeds to pay by requesting a banking site on her browser.
    The request however goes to John, who forwards it to the server of the actual banking site.
    The web server sends the response to John, thinking it is Jane, in the form of an HTTPS URL.
    John then rewrites the secure HTTPS URL into an insecure HTTP URL and passes that on to Jane, who is clueless as to what transpired in the background.
    Because John’s attack was successful, whatever information Jane sends is no longer encrypted. This gives John full access to her passwords, credit card details, home address, etc.
    Note carefully that John’s own information is never compromised during the attack, because his communication with the website is still SSL protected.
    The process may seem long and time consuming, but it only takes a few minutes to launch a successful SSL Stripping attack.
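    A check for the downgrade just described, as an added example that is not from the original article: it compares the page a client actually received with the page the genuine server sends and flags every link whose scheme went from https to http. It assumes a copy of the genuine page is available for comparison (for instance from a monitoring probe that fetched it directly over HTTPS); the sample pages and hostnames are constructed.

```python
# Added example (not from the original article): flag links whose scheme was
# downgraded from https to http, by comparing the page a client received with
# the page the genuine server sends (e.g. as fetched by a monitoring probe).
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _LinkCollector(HTMLParser):
    """Collects link targets from anchors, forms, scripts and stylesheets."""
    WATCHED = {"a": "href", "form": "action", "script": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        wanted = self.WATCHED.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.links.append(value)

def extract_links(html):
    parser = _LinkCollector()
    parser.feed(html)
    return parser.links

def find_downgraded_links(genuine_html, received_html):
    """Return (received_url, genuine_url) pairs where https became http.
    Links are matched on host and path, so a stripped link is caught even
    when nothing but the scheme was changed."""
    genuine = {}
    for url in extract_links(genuine_html):
        p = urlsplit(url)
        if p.scheme == "https":
            genuine[(p.netloc.lower(), p.path)] = url
    downgraded = []
    for url in extract_links(received_html):
        p = urlsplit(url)
        if p.scheme == "http" and (p.netloc.lower(), p.path) in genuine:
            downgraded.append((url, genuine[(p.netloc.lower(), p.path)]))
    return downgraded

# Constructed sample: what the bank served versus what Jane's browser received.
GENUINE_PAGE = ('<form action="https://bank.example/login"><input name="pw"></form>'
                '<a href="https://bank.example/pay">Pay</a>'
                '<a href="https://help.example/faq">Help</a>')
RECEIVED_PAGE = ('<form action="http://bank.example/login"><input name="pw"></form>'
                 '<a href="http://bank.example/pay">Pay</a>'
                 '<a href="https://help.example/faq">Help</a>')
```

    Running `find_downgraded_links(GENUINE_PAGE, RECEIVED_PAGE)` reports the login form and the payment link as downgraded, while the untouched help link is not flagged.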
