Network Security
SSL Stripping
Also known as: HTTPS stripping, TLS stripping
Definition
A man-in-the-middle attack that silently downgrades a victim's HTTPS connection to plain HTTP so the attacker can read and modify the traffic.
Examples
- An attacker on a coffee-shop Wi-Fi forwards http://bank.example traffic and proxies a separate HTTPS session to the real bank.
- A rogue captive portal rewrites response links from https:// to http:// to harvest passwords.
Related terms
Man-in-the-Middle Attack
An attack in which an adversary secretly relays or alters communications between two parties who believe they are talking directly to each other.
HTTP Strict Transport Security (HSTS)
A web security policy delivered via an HTTP response header that tells browsers to access a domain only over HTTPS for a declared period of time.
HTTPS
HTTPS — definition coming soon.
TLS (Transport Layer Security)
TLS (Transport Layer Security) — definition coming soon.
Evil Twin Attack
A Wi-Fi attack in which an adversary stands up a rogue access point that mimics a legitimate SSID, so victims connect to it and expose traffic or credentials.
Rogue Access Point
An unauthorised wireless access point connected to a network, either installed maliciously by an attacker or naively by an employee, that bypasses network security controls.