Beating HTTPS with SSLstrip
One defense that host systems have against man-in-the-middle attacks on web servers is SSL encryption. You typically run into this when you access a sensitive service such as online banking or online shopping. Many browsers showcase that HTTPS is in place by displaying a little lock giving the end user a sense of security.
Thanks to a security researcher Moxie Marlinspike, this layer of defense can be bypassed using SSLstrip. SSLstrip works by proxying HTTPS requests from the victim and sending them using HTTP. The HTTP traffic is not encrypted, making it vulnerable to eavesdropping. Once SSLstrip forces the HTTP connection, an attacker can use tcpdump to view the unencrypted login credentials of people accessing accounts ...
Get Penetration Testing with Raspberry Pi now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.