SSL stripping attacks, also known as “SSL strip”, are one of the lesser-known risks of surfing the Internet, but they pose a serious danger to any user who does not take precautions when connecting, because they can lead to information theft, bank account theft and even impersonation. In this article we look in detail at what the SSL stripping attack consists of, what the risks are if we do not take the necessary precautions, and what we can do to prevent this dangerous cyberattack.
What is SSL Stripping?
When we surf the Internet over the HTTP protocol, all information is sent and received in clear text, so it is very dangerous to use: a cyber attacker could place himself in the middle of the communication to read all the information and even modify it on the fly, with the aim of harming us. With the HTTPS protocol, which works on top of the TLS protocol that provides us with confidentiality, authentication, integrity and non-repudiation, this is more complicated, because all traffic is encrypted end-to-end, from the web browser to the web server. Furthermore, all communication is authenticated thanks to the SSL/TLS certificate of the web server.
SSL Strip is a type of cyberattack that tries to capture a user’s data when they access a web address protected by an SSL/TLS certificate, that is, when we are using the HTTPS application layer protocol. To do this, the technique uses an intermediary attack, also known as “Man in the Middle”, where the information sent by the user is intercepted before it is encrypted by the HTTPS protocol of the web server. This allows the attacker to get hold of critical private data, usually login credentials or banking information.
How does the SSL Strip work?
SSL Stripping attacks typically occur through a Man in the Middle attack in which a cybercriminal impersonates a legitimate network, for example by creating a fake WiFi hotspot or access point in a coffee shop or library. Through this type of attack, the cybercriminal is able to intercept the data sent by users in certain browsers and websites before the SSL/TLS protocol of the HTTPS communication encrypts it, without the website or the user detecting any anomaly and without any notice from the web browser.
The same attack can be carried out on any network we connect to. The cybercriminal does not need to create a fake access point, because he can run an ARP Spoofing attack to “trick” the victim into believing that the attacker is the router or default gateway. In this way, all traffic also passes through the attacker’s computer, which can read and even modify all the information.
Weak points in unprotected websites
SSL Strip is a type of attack that works on all websites that have not activated the HSTS protocol, and if we do not have the HSTS cookie installed in the browser. This protocol forces all communications to always work over HTTPS, because when this attack is carried out, the user’s web browser will see that it is communicating with the website not through HTTPS but through HTTP. Without it, a cybercriminal can receive unencrypted data from a user who browses any of these web pages and appropriate the user’s data.
How to avoid SSL Strip attacks?
There are several ways to avoid this type of attack, and they vary depending on whether you are visiting a website or if you manage one.
If you are visiting a website
When it comes to protecting your device against man-in-the-middle attacks such as SSL Strip, your safest option is to use a VPN, a tool that encrypts your connection from end to end, even before you access any website. This will prevent any cybercriminal from receiving unencrypted data from you, even if you connect through an insecure connection or through the attacker’s own hotspot.
If you manage a website
If you are in charge of a website, it is important that you secure it correctly, with an SSL certificate that covers the entire site and not just its access page. In this way, you will prevent unencrypted links on some of your website’s pages, since these links, although they redirect the user to your secure home page with SSL, are a weak point that cybercriminals take advantage of to launch their SSL Stripping attacks. In addition, it is essential that you configure the web server correctly to have the HSTS protocol activated. In this way, SSL Strip is avoided once the user has previously visited the website, because from that moment on the web browser must detect that the connection is HTTPS and that the SSL certificate is valid.
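One way a site operator could check the points above (HTTP redirected to HTTPS, HSTS sent in the `Strict-Transport-Security` response header, no unencrypted links left in pages). This is an added example, not part of the original article; the site `shop.example`, the response dictionaries and the one-year `max-age` threshold are assumptions.

```python
import re

MIN_MAX_AGE = 31536000  # one year: assumed audit threshold, not a value from the article
# href/src/action attributes whose value is an absolute plain-http URL
# (a simple pattern scan, not a full HTML parser)
INSECURE_ATTR = re.compile(r"""\b(?:href|src|action)\s*=\s*["'](http://[^"']+)""", re.I)


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return max_age, include_sub


def audit(http_resp, https_resp):
    """Findings for one site from its port-80 and port-443 responses (lowercase header names)."""
    findings = []
    location = http_resp["headers"].get("location", "")
    if not (300 <= http_resp["status"] < 400 and location.lower().startswith("https://")):
        findings.append("plain HTTP is not redirected to HTTPS")
    hsts = https_resp["headers"].get("strict-transport-security")
    if hsts is None:
        findings.append("no Strict-Transport-Security header on the HTTPS response")
    else:
        max_age, include_sub = parse_hsts(hsts)
        if max_age is None or max_age < MIN_MAX_AGE:
            findings.append("HSTS max-age missing or below one year")
        if not include_sub:
            findings.append("HSTS lacks includeSubDomains")
    findings += ["insecure link: " + url for url in INSECURE_ATTR.findall(https_resp["body"])]
    return findings


# Constructed sample responses for the hypothetical site shop.example
WEAK = ({"status": 200, "headers": {}},
        {"headers": {}, "body": '<form action="http://shop.example/login"></form>'})
HARDENED = ({"status": 301, "headers": {"location": "https://shop.example/"}},
            {"headers": {"strict-transport-security": "max-age=63072000; includeSubDomains"},
             "body": '<form action="/login"></form><a href="https://shop.example/a">a</a>'})

if __name__ == "__main__":
    print(audit(*WEAK), audit(*HARDENED))
```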
A boost in your SEO positioning
Enabling SSL protection on all your pages not only has a positive effect on the security of your website and its users, but will also allow your website to rank higher in Google searches. Since 2014, Google has included SSL security in its algorithms to favor websites that have strong encryption in its search results.
Avoid insecure networks
Remember, also, that it is important to avoid unsecured Wi-Fi networks such as those in coffee shops or libraries, because they are spaces where it is much easier to carry out intermediary attacks such as SSL Stripping. If you are traveling or away from the office, try to use your mobile data to connect, and strengthen your security by always browsing through the encrypted connection of your VPN service.