SSL Stripping
What is SSL Stripping?
SSL Stripping: A man-in-the-middle attack that silently downgrades a victim's HTTPS connection to plain HTTP so the attacker can read and modify the traffic.
SSL stripping intercepts the initial plain-HTTP request that a browser sends before the server redirects it to HTTPS, and rewrites links and responses so the victim keeps communicating over cleartext while the attacker proxies a separate encrypted session to the real site. Because the user never sees a certificate warning, the attack can capture credentials, session cookies, and sensitive form data. The classic defence is HSTS (HTTP Strict Transport Security), which tells a browser that has already seen the header to use HTTPS for that host on later visits; because the first, unprotected visit remains exposed, it is combined with HSTS preloading, Secure cookie flags, redirects from HTTP to HTTPS at the edge, and certificate transparency monitoring.
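As an added example (not code from the original page), a small Python audit that checks a site's responses for the controls the definition names: an HTTP-to-HTTPS redirect at the edge, an HSTS header with preload-ready directives, and Secure cookie flags. The host name, the response dicts and the one-year preload minimum are constructed or assumed values, not taken from the page.

```python
# Added example, not from the page: audit constructed responses for the SSL-stripping defences above.
PRELOAD_MIN_AGE = 31536000  # assumption: one year, the hstspreload.org max-age minimum

def parse_hsts(value: str) -> dict:
    """Split a Strict-Transport-Security value (RFC 6797) into a directive dict."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:  # valueless directives (includeSubDomains, preload) are stored as True
            directives[name.lower()] = val.strip().strip('"') or True
    return directives

def audit_http_redirect(status: int, headers: dict) -> list:
    """Findings for the answer to a plain http:// request: it must redirect to https://."""
    location = headers.get("location", "")
    if status in (301, 302, 307, 308) and location.lower().startswith("https://"):
        return []
    return [f"http:// request answered with {status} instead of a redirect to https://"]

def audit_https_response(headers: dict) -> list:
    """Findings for an https:// response (header names lower-cased) that leave later visits strippable."""
    findings = []
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security header")
    else:
        d = parse_hsts(hsts)
        age = str(d.get("max-age", ""))
        max_age = int(age) if age.isdigit() else 0  # missing or malformed max-age counts as 0
        if max_age < PRELOAD_MIN_AGE:
            findings.append(f"HSTS max-age {max_age} below preload minimum {PRELOAD_MIN_AGE}")
        for directive in ("includesubdomains", "preload"):
            if directive not in d:
                findings.append(f"HSTS lacks {directive} directive")
    for cookie in headers.get("set-cookie", []):  # one Set-Cookie string per list entry
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name} set without the Secure flag")
    return findings

# Constructed sample responses for a hypothetical host (not captured from any real site).
WEAK_HTTP = (200, {"content-type": "text/html"})          # serves the page over cleartext
GOOD_HTTP = (301, {"location": "https://shop.example/"})
WEAK_HTTPS = {"set-cookie": ["session=abc123; HttpOnly"]}
GOOD_HTTPS = {"strict-transport-security": "max-age=63072000; includeSubDomains; preload",
              "set-cookie": ["session=abc123; Secure; HttpOnly; SameSite=Lax"]}

if __name__ == "__main__":
    print(audit_http_redirect(*WEAK_HTTP) + audit_https_response(WEAK_HTTPS))
```

Feeding the same functions real headers from a scanner or proxy log gives a quick per-host view of which of the page's defences are actually deployed.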
● Examples
1. An attacker on a coffee-shop Wi-Fi forwards http://bank.example traffic and proxies a separate HTTPS session to the real bank.
2. A rogue captive portal rewrites response links from https:// to http:// to harvest passwords.
● Frequently asked questions
What is SSL Stripping?
A man-in-the-middle attack that silently downgrades a victim's HTTPS connection to plain HTTP so the attacker can read and modify the traffic. It belongs to the Network Security category of cybersecurity.
What does SSL Stripping mean?
A man-in-the-middle attack that silently downgrades a victim's HTTPS connection to plain HTTP so the attacker can read and modify the traffic.
How do you defend against SSL Stripping?
Defences for SSL Stripping combine technical controls and operational practices: HSTS with preloading, so the browser never sends its first request to the host over plain HTTP; Secure cookie flags, so session cookies are never sent over cleartext; HTTP-to-HTTPS redirects at the edge; and certificate transparency monitoring, as detailed in the full definition above.
What are other names for SSL Stripping?
Common alternative names include: HTTPS stripping, TLS stripping.