SSL Stripping: Downgrading Encryption

In recent years, the Internet has increasingly been moving to use encrypted HTTPS for web browsing. In fact, over 90% of web browsing uses HTTPS instead of insecure HTTP. The reason for this trend is that HTTPS provides greater protection against eavesdropping and authenticates the identity of the website.

SSL stripping attacks — also known as HTTP downgrade attacks — are designed to strip this protection away from web traffic. By tricking a website and user into communicating over unencrypted HTTP, a cybercriminal can eavesdrop and perform a man-in-the-middle (MitM) attack on their communication.

This article explores the threat and mechanics of SSL stripping attacks. This includes describing how the attack works, its potential impacts, and best practices for protecting against it.

What is SSL Stripping?

SSL stripping is a particular type of MitM attack. Its goal is to prevent a connection between a web user and a website from becoming encrypted, enabling the attacker to continue eavesdropping on — and potentially modifying — web traffic between the user and the website.

SSL stripping attacks rely on the fact that a connection to a web server isn’t encrypted from the very beginning. First, a user will establish an unencrypted connection to a website, then they will initiate a TLS/SSL connection within that session to protect their actual web browsing data.

An SSL stripping attacker will intercept the packets used to negotiate a secure connection between the client and the server. They will then modify these packets so that the communicating parties will be

How SSL Stripping Works

SSL stripping is a MitM attack. To perform this attack, an attacker needs to be able to intercept traffic between the client and server. Some of the ways of accomplishing this include:

• Rogue Access Points (APs): A rogue AP is a malicious wireless network designed to impersonate a legitimate network. All traffic from connected devices flows through the malicious AP, enabling the attacker to perform a MitM attack on it.
• ARP Spoofing: ARP spoofing attacks trick a router into believing that the target’s IP address belongs to the attacker’s MAC address. This causes traffic intended for the target to be redirected to the attacker instead.
• DNS Spoofing: A DNS spoofing attack modifies the DNS records that translate domain names (like kzero.com) to IP addresses. This can cause traffic intended for a legitimate website to be redirected to an attacker-controlled site.
• BGP Hijacking: A malicious BGP autonomous system (AS) can publish false routes for an IP address or range. This causes traffic intended for those addresses to be routed through the attacker’s systems.

A MitM attacker has the ability to prevent a user from establishing an encrypted connection with a website. How this is accomplished depends on whether the website offers an unencrypted HTTP version of its site or solely supports HTTPS connections.

Stripping SSL Content

Every HTTP or HTTPS session begins with establishing a Transmission Control Protocol (TCP) connection. TCP is the network protocol used to carry HTTP(S) and other application-level protocols and works identically whether or not the connection is encrypted.

After a client and server have a TCP protocol in place, the client can request an SSL/TLS connection on top of the TCP connection. This additional layer adds the encryption and authentication that protects against eavesdropping or malicious websites.

In an SSL stripping attack, the cybercriminal intercepts traffic between the client and the server and removes any requests for SSL/TLS from these requests. This attack exploits HTTP downgrade functions that allow a client and server to fall back to earlier, less secure versions of the protocol if a secure version is unavailable.

In the end, the connection between the client and the server is unencrypted. Therefore, the attacker can intercept and eavesdrop on the content being transmitted between the client and server.

Multiple Connections

The previous attack only works if a web server hosts both an HTTP and HTTPS version of the webpage. If this isn’t the case, then the attacker needs to perform a MitM attack in which they maintain two different connections.

The connection between the attacker and the client will use the HTTP protocol, exploiting the same vulnerabilities as the previous attack. The reason for this is that the attacker lacks the ability to negotiate a secure HTTPS connection with the client without the private key associated with the server’s digital certificate.

When connecting with the server, the attacker can connect to the website’s HTTPS site. Since they’re playing the role of a client, there is no problem connecting to the secure version of the site.

By maintaining these two connections, the attacker can perform a MitM attack on the user. When the user requests a page via their HTTP connection with the attacker, the attacker requests the same page via their HTTPS connection with the website. Then, they can send the webpage that they receive back to the user.

Use Cases: Why SSL Stripping Matters

HTTPS has gained widespread adoption because it provides web users with strong protection against eavesdropping and similar attacks. SSL stripping can circumvent this protection and can used in a variety of attacks, including:

• Credential Theft: Login pages are commonly protected by HTTPS to prevent eavesdropping. An SSL stripping attack may be able to trick a user into entering their login credentials into an unencrypted version of the page, allowing an attacker to steal them and gain access to the user’s account.
• Data Breach: Login credentials aren’t the only sensitive data that can be transmitted over web connections. An SSL stripping attack could allow an eavesdropper to intercept personally identifiable information (PII), financial data, intellectual property (IP), or other sensitive data.
• Fraudulent Transactions: In addition to enabling eavesdropping, SSL stripping also removes protection against modifying web data in transit. As a result, an attacker could modify a user’s web traffic to change the details of a financial transaction or otherwise perform malicious requests.
• Malicious Content: In addition to changing a user’s requests, an SSL stripping attacker could also modify responses. This could be used to introduce inaccurate information or embed malware in the web pages being returned to the user.

SSL Stripping Prevention

An SSL stripping attack depends on the attacker’s ability to trick the target into accepting an unencrypted connection to a website. In both attack scenarios, the connection between the client and the server or attacker is unencrypted.

User Education

One method of ensuring this protection is to train users to look for the lock icon in the address bar of their web browser. This indicates an HTTPS connection and should always be present if the user has a secure and authentication connection to the website.

HTTPS-Only Mode

Major browsers also provide the option to require HTTPS versions of all websites. These can be configured as follows:

• Firefox: Settings > Privacy & Security > HTTPS-Only Mode > Enable HTTPS-Only Mode in all windows
• Chrome: Settings > Privacy and Security > Security > Always use secure connections
• Edge: Visit edge://flags/#edge-automatic-https and enable Automatic HTTPS
• Safari: Enabled by default in Safari 15 on macOs Big Sur and Catalina

HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) is a setting that web servers can implement to enforce the use of HTTPS. An HSTS-enabled website will reject attempted connections over HTTP or redirect them to an HTTPS version of the site.

This is accomplished using a Strict-Transport-Security header field included in HTTP responses from the site. After receiving this header from the site, the client will be expected to perform all future requests using encrypted HTTPS. 

Conclusion

SSL stripping is an attack designed to remove the protection of HTTPS and SSL/TLS from web traffic. It takes advantage of the fact that some web browsers and web servers will accept a downgrade to a less secure protocol (HTTP) if the other party doesn’t support or accept the stronger protocol. An attacker who inserts themselves in between a web client and server can trick the client — and potentially the server — into communicating via unencrypted HTTP.

This attack poses a significant threat to data privacy, integrity, and security. A MitM attacker can eavesdrop on sensitive data and modify communications en route to their intended destination. As a result, they can steal login credentials and other sensitive data, perform fraudulent transactions, or inject malicious content into a website.

Both the client and the server have the capability to protect themselves against SSL stripping attacks. Modern web browsers can be configured to only accept HTTPS connections, which prevents MitM attacks. Websites can use HSTS, rejecting any connection attempts that use the unencrypted HTTP protocol.

In addition to implementing protections against SSL stripping, it’s also a good idea to defend against the potential impacts of these attacks, including credential leaks. Kelvin Zero’s Multi-Pass does just that, with true passwordless MFA that prevents attackers from collecting login credentials by removing passwords all together. Book a demo today to learn more about Multi-Pass and how Kelvin Zero can help your organization protect its customers and employees against account takeover and other phishing related attacks.