SSL Stripping

EpicGlobalWeb

EpicGlobalWeb

Well-known member
Registered
Joined
Jan 24, 2016
Messages
180
Points
0
I've seen demos on devices like the WiFi Pineapple where SSL can be "stripped" and the security would then be about the same as regular http. This is a problem and I'd like to know if there are defenses against it. MITM attacks like this seem to be hard to detect. Also, does the level of encryption matter or add any later of protection against SSL stripping? For instance, 256 bit vs 128, etc.
 
VirtuBox

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
The easier is to use HSTS (HTTP Strict Transport Security).

HSTS tells the browser to only communicate with the server via HTTPS. The browser remembers the HSTS header from the server from the first time it was seen. When the user visits the site again, the browser enforces that all communication is done via HTTPS.
Click to expand...
Source : https://avicoder.me/2016/02/22/SSLstrip-for-newbies/
 
RDO Servers

RDO Servers

Well-known member
Registered
Joined
Apr 3, 2015
Messages
1,027
Points
83
For SSL Stripping to work, you have to first connect to the remote server via http. If you are careful to go straight to the https version of sites, this will help a lot.
Also be sure to watch your address bar and make sure you stay on https.

HTTPEverwhere installed on your machine will (should) force you to connect via https only.

Using a VPN service can also help greatly to prevent MITM attacks.
 
EpicGlobalWeb

EpicGlobalWeb

Well-known member
Registered
Joined
Jan 24, 2016
Messages
180
Points
0
Right, because the attack in this case appears to happen at the time of connect before the data gets encrypted without actually breaking any encryption.
 
RDO Servers

RDO Servers

Well-known member
Registered
Joined
Apr 3, 2015
Messages
1,027
Points
83
EpicGlobalWeb

EpicGlobalWeb

Well-known member
Registered
Joined
Jan 24, 2016
Messages
180
Points
0
Wikipedia says the initial request with HSTS is still initially unprotected. I'm trying to wrap my head around the benefit then because so is https. Here is the source: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

I see what you're saying about the benefits. Maybe the solution is actually in some kind of packet sniffing like WireShark to find out what's unusual?
 
You must log in or register to reply here.
Older Threads
EpicGlobalWeb
Is CentOS Basically Server-Ready?
Replies
5
Views
4,382
Optimidia
CarpCharacin
Kimsufi alternatives
Replies
16
Views
12,207
Shorty
EditName
[Need] New Ways to do Hosting
Replies
8
Views
4,411
EpicGlobalWeb
EditName
Hello Peeps
Replies
12
Views
4,738
ulterios
S
Searching Reseller/Master Reseller Hosting
Replies
12
Views
5,713
Jeff Martin
Newer Threads
postcd
iptables rules processing speed depends on RAM, CPU or HDD the most?
Replies
1
Views
2,759
UnderHost
EpicGlobalWeb
ISP Bandwidth Limitations
Replies
2
Views
2,703
LJSHost
Nemanja
Is a Dedicated Server more secure than a VPS?
Replies
8
Views
5,598
Colombiawebs
Alex_smith
Litespeed host wanted
Replies
4
Views
3,793
HostXNow
mattnz
How to configure a Dedicated Server?
Replies
3
Views
3,275
LJSHost
Latest Threads
josephilip
Welcome to ServerMO: Excellence in Dedicated Server Hosting
Replies
0
Views
41
josephilip
cancan
Save an incredible 90% off! The Best HostPapa Deal so Far: Unlimited SSL, 50 GB NVMe, 24/7 support
Replies
0
Views
71
cancan
M
How to Choose the Best Web Hosting Provider for a New Website ??
Replies
1
Views
57
BlueLeaf
J
Jtti: What are some common misconceptions about firewall rules?
Replies
0
Views
162
jtti
Mvv758
Hello
Replies
1
Views
86
AlbaHost
Recommended Threads
W
50% OFF Hosting - Free Domain | LetsEncrypt SSL | Website Builder | Free Backups | Cloudflare | SSD
Replies
0
Views
1,827
WHGBTom
ForwardWeb
Only $1.03 for your first month or $10.48 for your first year, Unmanaged VPS, Very Dependable!
Replies
0
Views
1,616
ForwardWeb
arindamb
How much RAM to install cPanel on an unmanaged VPS or a Dedicated Server?
Replies
16
Views
10,536
GswHosting
Knowing Roger
What will you choose?
Replies
9
Views
5,391
christophergrayson
Marc0
How to use htaccess to protect your config files
Replies
0
Views
2,694
Marc0
Similar Threads
cancan
Save an incredible 90% off! The Best HostPapa Deal so Far: Unlimited SSL, 50 GB NVMe, 24/7 support
Replies
0
Views
71
cancan
Arthur
Forwarding domain through DDNS for SSL
Replies
3
Views
1,188
David Beroff
Support@MainVPS
SSL on VPS: Necessary or overkill?
Replies
1
Views
1,055
Kaz Wolfe
David Beroff
OpenSSL Cpanel is expired?
Replies
1
Views
956
AlbaHost
Josie Peterson
How to uninstall SSL certificate?
Replies
1
Views
857
Dr. McKay

Latest postsNew threads

Latest Hosting OffersNew Reviews

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
  • cpanel
  • dedicated
  • free
  • hello
  • hosting
  • hosting services
  • marketing
  • offers
  • seo
  • server
  • services
  • vps
  • web
  • web hosting
  • website
  • wordpress
    • Top