What is SSL Stripping?

What is SSL Stripping ?

It’s kind of attack that takes that generally fetches your sensitive data like id, password, bank details like card number CVV number. It is kind of Man In The Middle Attack. It’s also known as SSL Downgrade attack. SSL (Secure Socket Layer) protocol is used to protect our communication.
There are two types of links one is HTTPS and another is HTTP. The links starting with HTTP does not have SSL or TLS(Transport Layer Security). When someone interacts with the server then the communication carries on in plain text which can be read by anyone. But in the case of links starting with HTTPS they make secure communication with servers. And the interactive data are encrypted and can’t be read easily.

Now by creating this method hackers can steal users data. They create SSL string attack hacker creates a Hotspot. If the victim connects with this wifi and browsing the internet. In that case, Hacker will be in the middle of server and victim. Here between hacker and the victim, the connection will be of HTTP but with the hacker and the sever the connection will be in HTTPS.
SO, now every sensitive data of the victim can be read by the hacker.

There are more methods for SSL Striping .

1 Like

I’d like to add to the existing reply,

Per very good post on medium

I’d say that SSL Stripping is now outdated (given that it kind of works with browsers who don’t have ssl security *cough*internetexplorer*cough*)
There are more modern methods of MITM (man in the middle attack) but this particular attack is only applicable to old browsers which do not care if the SSL certificate is actually coming from the machine it was installed on (or if the machine has ssl at all)

As the name suggests, The primary target is to fool the client browser into thinking that the target website does not have any SSL (or an obfuscated one) which actually takes all the requests to attacker’s IP. Who then, sends them to the target website as usual. The catch here is that the data reaches the attacker in plain text so he has his own liberty to wire that data into a local copy and later use it for nefarious purposes.

1 Like