| Sunday March 29th 2015


Subscribe by email:

We promise not to spam/sell you.

Search Amazon deals:

sslstrip: hijacking SSL in network

security: master and chain
Last week at Black Hat DC, Moxie Marlinspike presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using unicode characters that look similar to / and ? it can construct URLs with a valid certificate and then redirect the user to the original site after stealing their credentials. The attack can be very difficult for even above average users to notice. This attack requires access to the client’s network, but Moxie successfully ran it on a Tor exit node.

Related Posts: On this day...

Leave a Reply

You must be logged in to post a comment.