An attacker can remove the encryption from a client-server communication by using SSL stripping, aka SSL Hijacking. In this post, we will discuss SSL stripping and some related topics in detail.
While SSL is used to secure the communication between the client and the server across the Internet, SSL can often provide a false sense of security. Moxie Marlinspike, a software engineer and a hacker, created a tool called Sslstrip and demonstrated it at Black Hat DC 2009.
Sslstrip does not attack the SSL itself, but it strikes the transition of the client-server communication from non-encrypted to encrypted.
What is SSL Stripping?
SSL Stripping is a Man-in-the-Middle (MITM) attack where attackers intercept and downgrade the communication between the client and the server from an encrypted format (HTTPS) to an unencrypted form. This attack is also known as SSL downgrade or HTTP downgrade attack.
Attackers know that most of the communication between your computer and a web server will be over an encrypted channel. Very commonly, we use HTTPS as the communication protocol to send information back and forth. We know that all data in that channel is encrypted and safe from the prying eyes of any attacker.
However, the attacker also knows that it could find ways to get into that data if it’s able to intercept and manipulate the data flow. SSL stripping is how an attacker can sit on the path in communication and modify the communication between the client and the server so that it’s able to see all of that data in the data flow.
To execute an SSL stripping attack, an attacker has to sit in the middle of the communication between the client and the server, which the attacker can achieve in one of the following ways:
1. Proxy Server
A proxy server is an intermediary between the End-user and the Internet, which organizations across the globe use to inject security, traffic filtering, and compliance into the traffic. It is also often referred to as an application-level firewall. The most commonly used proxy servers are for Web Traffic (HTTP/HTTPS and FTP); however, organizations can use proxy servers for a range of different protocols.
Often, attackers can mimic the functionality of a proxy and act as an intermediary intercepting and compromising the network.
2. ARP Spoofing
ARP spoofing is a Man in the Middle (MITM) attack where the attacker sends falsified ARP response messages to systems within a local subnet. Using ARP spoofing, the attacker corrupts the ARP cache and misleads the system to send the packets to a compromised system initially destined for a different destination.
For more details about ARP spoofing, please refer to our earlier blog post around ARP Spoofing.
3. Rogue Wi-Fi hotspot
A rogue Wi-Fi hotspot is a Wi-Fi access point trap set by an attacker. This hotspot mimics a legitimate hotspot offered by a business, such as a hotel or a coffee shop that provides free Wi-Fi access points to its customers.
From the victim’s machine, everything will seem pretty normal. Nothing unusual or abnormal on the victim screen except for the browser page itself that is generally encrypted is unencrypted. The user is communicating over HTTP instead of communicating via HTTPS. In different words, we can say that the attacker strips “S” out of the HTTPS.
This attack can be avoided by upgrading and maintaining the software of both the client and the server. If you can ensure that the browser you are using and the web server software in use is not vulnerable to a downgrade, you can avoid this type of attack.
What is SSL?
Evolution of SSL Protocol
The following table represents how the protocol has evolved in time.
Evolution of SSL
|Protocol||SSL 1.0||SSL 2.0||SSL 3.0||TLS 1.0||TLS 1.1||TLS 1.2||TLS 1.3|
|Release Year||No Public Release||1995||1996||1999||2006||2008||2018|
|Deprecated in||N/A||2011||2015||2015||2020||In use||In use|
Netscape developed the SSL protocol in the 90s. Dr. Taher Elgamal is recognized as the “Father of SSL” for his work at Netscape, which helped secure the Internet by establishing secure and private communication.
SSL version 1.0 was not released publicly since there were serious security flaws in that protocol. SSL version 2.0 was released in Feb 1995, which again contained several security flaws which paved the way for the design of SSL version 2.0
SSL v2.0 and 3.0 were deprecated in 2011 and 2015, respectively.
After 3.0, the name of this protocol was changed to Transport layer security of TLS. It was effectively an upgrade over SSL 3.0. However, it provided a way to communicate with its vulnerable predecessor, SSL 3.0. So this was gradually deemed not to be a good version to use either. It was deprecated in June 2015
TLS 1.1 was released in 2006; however, it was deprecated in January 2020 by most browsers. TLS 1.2 & 1.3 are the latest accepted standards and are commonly used to communicate with a Web Server.
How does SSL Stripping attack work?
With an SSL stripping attack, you have a website visitor communicating to a web server, but an attacker is sitting in the middle of this communication. To start a regular web server communication, a client typically will initiate a “Get” command. In this case, the end-user is sending an HTTP URL to the web server itself. The attacker will be proxying or sitting in the middle of this to modify any communication between these two devices.
Since this attacker is sitting in between, it will effectively receive this command and send it unchanged to the Web server. The web server evaluates the request and notices that the client is asking for a non-encrypted version of this page. So it will send a response to the client to communicate via HTTPS.
The attacker does not want the HTTPS communication to occur. So it’s going to intercept this request and send back the HTTPS version of that request to the Web Server.
This will allow the attacker to set up an encrypted channel to the Web server but not with the end-user. This Web Server will send the requested information over HTTPS. The attacker will decrypt it and send it back in a clear text or non-encrypted HTTP page to the website visitor.
This page is a normal response to a request made earlier. This process can continue as the visitor might send a post command to log in to that server with their username and password. Since the credentials are transmitted unencrypted and the attacker is in the middle of the communication, the attacker can see the username and password. The visitor does not have an idea that the attacker made these changes in the middle.
The attacker can view all of that information and forward it to the website visitor. He will pass the credentials to the webserver over the encrypted channel using HTTPS. This process will go on with the Web server responding to the login request.
The attacks expose the website to eavesdropping and data manipulation by forcing it to use insecure HTTP rather than secured HTTPS.
How to stay protected from SSL Stripping attacks?
1. Use HTTP Strict Transport Security header (HSTS)
The HSTS header informs the browser never to load the site using HTTP and automatically converts all attempts to browse the site using HTTP to HTTPS instead.
The first time the visitor is accessing the website using HTTPS, the site returns the HSTS header. The browser will record this information and will automatically use HTTPS for any future attempts to load the website in place of HTTP.
2. Enable site-wide SSL (Only Support HTTPS)
You can enforce HTTPS for any requests coming to the server. However, doing that may depend on the services offered by a website. If the website is serving multimedia content and using CDNs to deliver it, it might be challenging.
3. Enable Certificate Pinning
Certificate pinning is the practice to restrict which certificates should be considered valid for a particular website. Instead of allowing all trusted certificates to be used, webmasters “pin” the certificate authority (CA) issuer(s), public keys, or sometimes end-entity certificates. Clients connecting to the server will discard all other certificated as invalid and refuse to establish an HTTPS connection.
One key issue with pinning is that your ability to respond to certificate issues is limited. Many CAs like DigiCert advise against pinning since the complexities outweigh the benefit.
4. Enable Secure Cookies
A secure attribute is a configurable option that can be set by the server while sending a new cookie to the visitor within an HTTP Response. The objective of the secure attribute is to prevent cookies from being monitored or abused by any unauthorized parties since the communication is happening in plain text.
In other words, by using the secure attribute, the browser will stop the transmission of cookies over an unencrypted channel.
5. Redirect users to the HTTPS
6. Use a Virtual Private Network(VPN)
Virtual Private Networks or VPNs are effective tools to protect your data on websites irrespective of the connection type. If the user uses a VPN connection while viewing an HTTP website, all the data remains encrypted due to the VPN. This additional layer of security will help you effectively defend against MITM attacks.
While SSL stripping is an effective way for attackers to find their ways in, unfortunately, this is just one of the ways attackers can abuse SSL. Hackers now also use HTTPS encryption to cover their tracks effectively and get past firewalls, behavior analytics, and state-of-the-art sandboxing technologies. SSL has become a great and effective way to get malware inside the network without ringing any alarm bells.
While encryption is essential, we highly recommend maintaining tight control over the digital key and cryptographic certificate that enable encryption. You must also inspect and decrypt encrypted traffic wherever possible. This will help to detect and stop threat actors before they abuse encrypted systems.