
DeMISTIfying Infosec: SSL Stripping Attack

By Katherine Teitler

SSL Stripping Attack

An SSL stripping attack is a malicious attack on client-server communications in which the attacker intercepts traffic and manipulates the secure protocols used to encrypt would-be private communication. To initiate an SSL stripping attack, the adversary uses stripping tools like SSLstrip or takes advantage of insecure WiFi hotspots.

Once the attacker has compromised an access point or is using a stripping tool to intercept traffic, s/he listens on the interface, hijacks the server's response, and downgrades the client's connection from HTTPS to HTTP.

In untampered communication, traffic flow looks like this:


Source: http://blog.checkpoint.com/2016/03/07/targeted-ssl-stripping-attacks-are-real/

Traffic is altered in an SSL stripping attack to look like this:

Source: http://blog.checkpoint.com/2016/03/07/targeted-ssl-stripping-attacks-are-real/

An SSL stripping attack doesn’t break encryption, nor does it rely on a server to accept a faulty certificate, which makes SSL stripping difficult to detect.

Once an attacker has a cleartext view of the user’s communications, s/he can steal credentials, view and retrieve sensitive information, and expose the unencrypted traffic to anyone on the network.

Also called an HTTPS-downgrade attack, an SSL stripping attack is similar to a Man-in-the-Middle attack, but displays fewer indicators of compromise.
