Wednesday May 25th 2016

sslstrip: hijacking SSL in network

Last week at Black Hat DC, Moxie Marlinspike presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using Unicode characters that look similar to / and ?, it can construct look-alike URLs that come with a valid certificate and then redirect the user to the original site after stealing their credentials. The attack can be very difficult for even above-average users to notice. This attack requires access to the client's network, but Moxie successfully ran it on a Tor exit node.
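A defender-side check for the look-alike trick described above, as an added example that is not code from sslstrip or from the talk: it extracts the host the way a URL parser delimits it and reports characters inside it that imitate / or ?. The `LOOKALIKES` set, the function names and the `example` domains are assumptions made for this illustration, and the set is not exhaustive.

```python
import unicodedata

# Illustrative, non-exhaustive set chosen for this example: code points that
# render like "/" or "?" but are NOT URL delimiters. Fullwidth and small forms
# are caught separately by the NFKC comparison below.
LOOKALIKES = {"\u2044": "/", "\u2215": "/", "\u29f8": "/", "\u0294": "?"}

# Constructed sample: reads like a path on www.example.com, but the only real
# delimiter after the scheme is the final ASCII "/".
SAMPLE = "https://www.example.com\u2044accounts\u2044login\uff1fid.lookalike.example/"

def extract_host(url):
    """Return the host as a parser sees it: only ASCII / ? # end the authority."""
    rest = url.split("://", 1)[-1]
    for delim in "/?#":
        rest = rest.split(delim, 1)[0]
    rest = rest.rsplit("@", 1)[-1]           # drop userinfo
    return rest.split(":", 1)[0].lower()     # drop port (IPv6 literals not handled)

def decode_label(label):
    """Turn an xn-- (punycode) label back into the Unicode a browser may display."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label                     # malformed punycode: keep as-is
    return label

def spoofed_delimiters(url):
    """Return (decoded_host, [(char, unicode_name, imitated_delimiter), ...])."""
    host = ".".join(decode_label(l) for l in extract_host(url).split("."))
    hits = []
    for ch in host:
        imitates = LOOKALIKES.get(ch)
        if imitates is None and not ch.isascii():
            folded = unicodedata.normalize("NFKC", ch)
            imitates = folded if folded in ("/", "?") else None
        if imitates:
            hits.append((ch, unicodedata.name(ch, "UNKNOWN"), imitates))
    return host, hits

if __name__ == "__main__":
    host, hits = spoofed_delimiters(SAMPLE)
    print("connects to host ending in:", ".".join(host.split(".")[-2:]))
    for ch, name, imitates in hits:
        print(f"  U+{ord(ch):04X} {name} imitates {imitates!r}")
```

Any hit means the text before the first look-alike character is not the site being contacted; the real destination is the right-hand end of the decoded host.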

