There is a constant battle between businesses and hackers in securing confidential information. Data breaches and hacks are issues for businesses regardless of size, causing huge complications by exposing sensitive information. Whenever cyber security experts come up with a preventive solution, the attackers find another route. One such new, less-known technique is SSL Stripping. The problem is that SSL Stripping attacks are easy to launch and extremely dangerous.
SSL Stripping is a form of MitM (Man-in-the-Middle) attack that takes advantage of the encryption protocol and the way it starts connections. This attack evades the security provided by secure HTTPS connections between users' browsers and web servers, and exposes the traffic and sensitive information being exchanged in plain text to eavesdroppers.
While exposing sensitive information, this attack also allows attackers to manipulate the contents being transferred. As it downgrades SSL/TLS-encrypted connections, it is also known as an SSL Downgrade Attack.
When a secure connection is needed, users and browsers use an SSL encryption certificate, establishing an encrypted link between two parties.
The following actions take place when establishing a secure connection:
The SSL encryption process guarantees both integrity and privacy. Attackers cannot intrude into a secure HTTPS connection between the user and server.
Where attackers intercept the connection
Since the initial request and the HTTP redirection response are in plain text, attackers can intercept the user's requests. The attacker acts as a bridge between the two parties by establishing a legitimate connection to the server via the HTTPS protocol and an HTTP connection with the user.
The attacker is then able to carry out a MitM attack. When the server sends a response, the attacker intercepts it and sends it to the user in an unencrypted format, pretending to be the server.
Now it is no longer 1:1 communication. All the data transferred from the user goes via the attacker's server rather than directly to the legitimate server. Similarly, the server's response is sent via the attacker's server in the middle. As there is no encrypted communication between the user and the server, every message transferred over this connection is exposed to everyone, including the attacker.
Most victims will not be aware that the URL they received uses an insecure HTTP connection and that all the sensitive information they pass is transferred as plain text.
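The symptom described above can be checked from the defender's side: the plain-text answer to the first HTTP request should be a redirect to HTTPS, and a network that returns page content instead has removed that upgrade. The following is an added example, not code from the original article; the host `shop.example`, the function names and both sample responses are constructed assumptions.

```python
import re
from email.parser import Parser
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    return int(status_line.split()[1]), Parser().parsestr(header_block), body

def upgrade_target(raw):
    """Return (scheme, host) of a redirect's Location header, or None if not a redirect."""
    status, headers, _ = parse_response(raw)
    if status not in REDIRECTS or "Location" not in headers:
        return None
    target = urlsplit(headers["Location"])
    return target.scheme, target.hostname

def plaintext_form_actions(raw):
    """List form actions in the body that would submit data over http://."""
    _, _, body = parse_response(raw)
    return re.findall(r'<form[^>]*\baction=["\'](http://[^"\']+)', body, re.I)

def assess(baseline_raw, observed_raw):
    """Compare the answer seen on a trusted network with the one seen on the network under test."""
    expected, seen = upgrade_target(baseline_raw), upgrade_target(observed_raw)
    if expected and expected[0] == "https" and seen != expected:
        # The HTTPS redirect the server normally sends never reached the client.
        return {"suspicious": True, "expected": expected, "seen": seen,
                "plaintext_forms": plaintext_form_actions(observed_raw)}
    return {"suspicious": False, "expected": expected, "seen": seen, "plaintext_forms": []}

# Constructed sample responses to "GET http://shop.example/" (not real captures).
BASELINE = ("HTTP/1.1 301 Moved Permanently\r\n"
            "Location: https://shop.example/\r\nContent-Length: 0\r\n\r\n")
OBSERVED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
            '<form method="post" action="http://shop.example/login"></form>')

if __name__ == "__main__":
    print(assess(BASELINE, BASELINE))   # redirect intact
    print(assess(BASELINE, OBSERVED))   # redirect missing, login form posts in plain text
```

The baseline response has to be recorded over a path that is already trusted; a site that never redirects to HTTPS produces no alert because there is no upgrade to remove.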
Conclusion
The SSL Stripping attack takes advantage of users not requesting secure pages explicitly and relying on the web servers to redirect them to the secure version of the requested website. Most users are unaware of this attack, but by arming themselves with a robust SSL encryption connection, website owners can prevent themselves from becoming victims of SSL Stripping and MitM attacks.
This post was last modified on January 1, 2024 20:23