SSL Stripping attacks. How to avoid them?
SSL stripping attacks, also known as "SSL strip," are one of the lesser-known risks of surfing the Internet, but they pose a serious danger to all users who do not take precautions when connecting: they can lead to information theft, bank account theft and even impersonation. Today in RedesZone, we are going to see in detail what the popular SSL stripping attack consists of, what the risks are if we do not take the necessary precautions, and what we can do to prevent this dangerous cyberattack.
What is SSL Stripping?
When we surf the Internet, we can do it with the HTTP protocol, where all the information is sent and received in clear text. This is very dangerous, because a cyber attacker could place himself in the middle of the communication to read all the information and even modify it on the fly, with the aim of harming us. With the launch of the HTTPS protocol, which works on top of the TLS protocol and provides confidentiality, authentication, integrity and non-repudiation, this is more complicated, because all traffic is encrypted end-to-end from the web browser to the web server. Furthermore, all communication is authenticated thanks to the SSL/TLS certificate of the web server.
SSL Strip is a type of cyberattack that tries to take over a user's data when accessing a web address protected by an SSL/TLS certificate, that is, when we are using the HTTPS application layer protocol. To do this, the technique uses an intermediary attack, also known as "Man in the Middle," where the information sent by the user is intercepted before it is encrypted by the web server's HTTPS protocol. This allows the attacker to get hold of critical private data, usually login credentials or banking information.
How does the SSL Strip work?
SSL Stripping attacks typically occur through a Man in the Middle attack in which a cybercriminal impersonates a legitimate network, for example by creating a fake WiFi hotspot or access point in a coffee shop or library. Through this type of attack, the cybercriminal is able to intercept the data sent by users in certain browsers and websites before the SSL/TLS protocol of the HTTPS communication encrypts it, without the website or the user detecting any anomaly and without any notice from the web browser.
The same attack can be carried out on any network we connect to. The cybercriminal does not need to create a false access point, because he can execute an ARP Spoofing attack to "trick" the victim into believing that the attacker is the router or default gateway. In this way, all traffic also goes through the attacker's computer, which can read and even modify all the information.
Weak points in unprotected websites
SSL Strip is a type of attack that works on all websites that have not activated the HSTS protocol, and in browsers that do not have the HSTS cookie (the HSTS policy the browser stores after receiving it over HTTPS) installed. This protocol forces all communications to always work over HTTPS, so that when this attack is carried out, the user's web browser sees that it is not communicating with the website through HTTPS but through HTTP. Without it, a cybercriminal can receive unencrypted data from a user who browses any of these web pages and appropriate the user's data.
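The HSTS condition described above can be checked for any site you manage. The following is an added example, not code from the original article: it parses a Strict-Transport-Security header following RFC 6797 and reports whether a browser would store the policy. The function names and the sample responses are constructed for illustration.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns {directive: value}, or None when the header must be ignored."""
    directives = {}
    for part in value.split(";"):            # simplified: assumes no ';' inside quotes
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                         # empty directives are permitted
        if name in directives:
            return None                      # a repeated directive invalidates the header
        directives[name] = arg.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                          # max-age is mandatory and numeric
    return directives

def browser_policy(scheme, header):
    """Return (stored, reason): would a browser keep an HSTS policy for the host?"""
    if scheme != "https":
        return (False, "header ignored: response arrived over plain HTTP")
    if header is None:
        return (False, "no HSTS header: later http:// requests can be stripped")
    directives = parse_hsts(header)
    if directives is None:
        return (False, "invalid header: ignored")
    max_age = int(directives["max-age"])
    if max_age == 0:
        return (False, "max-age=0: any stored policy is deleted")
    scope = "host and subdomains" if "includesubdomains" in directives else "this host only"
    return (True, f"HTTPS enforced for {max_age}s on {scope}")

# Constructed sample responses: (scheme the response arrived on, header value).
SAMPLES = [
    ("http", "max-age=31536000"),                     # first visit over HTTP
    ("https", "max-age=31536000; includeSubDomains"),
    ("https", "max-age=0"),
    ("https", "includeSubDomains"),                   # max-age missing
    ("https", None),                                  # HSTS not activated
]

if __name__ == "__main__":
    for scheme, header in SAMPLES:
        stored, reason = browser_policy(scheme, header)
        print(f"{scheme:5} {header!s:40} stored={stored}: {reason}")
```

The first sample shows why a browser that has never reached the site over HTTPS remains exposed: a header delivered over HTTP is ignored, so no policy is stored.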
How to avoid SSL Strip attacks?
There are several ways to avoid this type of attack, and they vary depending on whether you are visiting a website or managing one.