{"id":295,"date":"2019-07-18T17:28:24","date_gmt":"2019-07-18T17:28:24","guid":{"rendered":"https:\/\/www.rapidsslonline.com\/ssl\/?p=295"},"modified":"2019-08-09T14:14:16","modified_gmt":"2019-08-09T14:14:16","slug":"what-is-ssl-stripping-attack","status":"publish","type":"post","link":"https:\/\/www.rapidsslonline.com\/ssl\/what-is-ssl-stripping-attack\/","title":{"rendered":"What is an SSL Stripping Attack \u2014 Explained by SSL Experts"},"content":{"rendered":"\n

How cybercriminals strip use this form of Man-in-the-Middle attack and what you can do to stop them<\/h3>\n\n\n\n

SSL stripping attacks make sense on an intuitive level as\nsoon as you hear the name. But, on a technical level, most people have no idea\nwhat\u2019s actually happening or how it works.<\/p>\n\n\n\n

Granted, some people are completely happy to live their entire lives without finding an answer to that question. We call those people normal and well-adjusted. But, if you\u2019re reading this, that clearly isn\u2019t you. You’re like us \u2014 your mind yearns to rent space to obscure facts and explanations. We appreciate that mentality.<\/p>\n\n\n\n

SSL stripping, as the name implies, is an attack that uses the SSLStrip tool or related techniques to strip away the protection provided by the SSL\/TLS protocol and HTTPS. It\u2019s a form of Man-in-the-Middle attack<\/a> (MitM) that takes advantage of the TLS protocol and the way it begins connections. To understand everything, we\u2019re going to need to start with HTTPS and MitM.<\/p>\n\n\n\n

HTTPS and the Man in the Middle<\/h2>\n\n\n\n

When the worldwide web was first conceived, it wasn\u2019t intended for commerce or vital services. It was a way for the government and academia to share information. This didn\u2019t require much security. <\/p>\n\n\n\n

When the internet was commercialized, security and privacy\nbecame key considerations in an \u201coh $#!%, we need to do something about this\u201d\nkind of way. The creation of the secure\nsockets layer<\/a> (SSL) protocol was the first attempt at an answer. It made\nconnections via a secure channel, port 443, and layered encryption over\nconnections at the application level. This was known as HTTP over SSL or HTTPS.\n<\/p>\n\n\n\n

The Move from SSL to TLS<\/h3>\n\n\n\n

But SSL was flawed and was quickly found to be vulnerable.\nSSL 3.0 was replaced with transport layer security (TLS) 1.0 in 1999. The key\ndifference was that TLS began connections with a hello via an insecure channel\nbefore being redirected to a secure one. Both use port 443 and encrypt HTTP\nconnections. But the genesis of those connections differed.<\/p>\n\n\n\n

And that\u2019s where SSL stripping comes in. But before we can\nget there, let\u2019s discuss the man in the middle.<\/p>\n\n\n\n

Where Man in the Middle and SSL Stripping Intersect<\/h3>\n\n\n\n

When you connect to a website \u2014 or, really, any network on\nthe internet \u2014 your connection has to be routed through dozens of other points\non its way to its destination. It\u2019s not a 1:1 type of thing. If you\u2019re not\nusing encryption\/HTTPS, all the data you\u2019re transmitting over that connection\npasses through each one of those points in plaintext.<\/p>\n\n\n\n

That means anyone that is eavesdropping at one of those\npoints \u2014 which aren\u2019t all secure \u2014 can effectively intercept, read, and even\nmanipulate everything being communicated. The answer to this has historically\nbeen to encrypt the connection so even if someone is eavesdropping the data is\nin ciphertext and unreadable to the attacker.<\/p>\n\n\n\n

What does all of this have to do with SSL stripping, you may\nwonder? SSL stripping is a workaround for that encryption.<\/p>\n\n\n\n

What is SSL Stripping?<\/h2>\n\n\n\n

Ok, remember we just discussed how TLS begins with an\ninsecure hello (just like my dating life) before it\u2019s redirected to a secure\nchannel. If a Man-in-the-Middle attacker can redirect the client to an HTTP\nversion of the website, it can steal information and manipulate the connection.\n<\/p>\n\n\n\n

There are several ways this can be done. The easiest is probably to set up a spoof Wi-Fi network in a public setting and attack the people who long onto it. You can also compromise a point somewhere in the middle of the connection. <\/p>\n\n\n\n

\"Graphic:<\/figure>\n\n\n\n

Because that initial hello and HTTP redirection request is\nunencrypted, a MITM can alter it and send the user to an insecure version of\nthe page. Keep in mind, however, that when you install SSL, you\u2019re essentially\ncreating a duplicate of your website with HTTPS URLs. Those original HTTP URLs\nstill exist, though. Usually, you use 301 or 302 redirects to ensure users\ncan\u2019t reach the HTTP site, but if an attacker can manipulate the redirect, they\ncan still send the user to that page.<\/p>\n\n\n\n

Now the user is still on your site, interacting as they\nnormally would, but every bit of data they transmit is in plaintext.<\/p>\n\n\n\n

In an SSL stripping attack, the attacker acts as a bridge.\nIt\u2019s making an HTTPS connection with the server and an HTTP connection with the\nclient. That makes the connection appear secure \u2014 almost as if you were using a\nVPN, but the attacker is stealing data. <\/p>\n\n\n\n

How Can You Prevent SSL Stripping?<\/h2>\n\n\n\n

There are two main tactics that can be used to avoid SSL\nstripping attacks. <\/p>\n\n\n\n