Moxie Marlinspike presented SSLstrip at Blackhat early this year. The author made observation as to how most people initiate access to secure (HTTPS) websites using insecure connection (HTTP) which creates opportunity for the man-in-the-middle (MITM) attacker to get into the middle of the connection without flashing certificate mismatch message on the user’s machine. It is also possible to display a fake lock icon on the browser. This is unnerving because even those scrupulous users who pay heed to the certificate mismatch warnings can no more avoid MITM attacks by just doing that.
This exploit is also particularly interesting for wireless security because of the ease with which it is possible to get in as MITM over Wi-Fi link using Honeypot (Evil Twin) tools. Once the MITM is established with the victim over Wi-Fi, exploits such as SSLstrip can make the job of the attacker all the more easier as even the scrupulous user will not suspect anything amiss as there won’t be certificate mismatch warning plus there will be a lock icon displayed next to the URL in the browser.
Useful links on information on SSLstrip:
- Download the presentation from from Blackhat (pdf)
- New tricks for defeating SSL (includes session video)