SSL Stripping Explained and How to Avoid It

Cybercrime continues to be on rise, and over half the consumer population has been a victim at some point. SSL stripping (otherwise known as an HTTPS downgrade) is a distinct type of man-in-the-middle (MitM) attack, and it puts your online security and privacy in jeopardy. Unfortunately, SSL stripping is a fairly easy way for malicious hackers to grab your important data, including financial information and passwords. 

Click on your browser address bar — you may not have paid much attention to the ‘s’ in ‘https’ before, but that’s one very important letter. Even if you know the difference between HTTP and HTTPS, you may not realize how simple it can be for an attacker to strip encryption to access your sensitive information if you’re not careful. 

You’re particularly vulnerable to SSL stripping when you connect to an unsecured Wi-Fi network, or even a WPA2-secured public Wi-Fi hotspot. All an attacker needs to execute a sophisticated MitM attack like this is a simple laptop. Let’s examine SSL stripping more closely and see what you can do to keep your information truly secure and private online.

Man-in-the-Middle Attacks on the Rise

Experts estimate more than a third of all cyberattacks we see today are man-in-the-middle attacks. Cybercriminals position themselves as interceptors between you and the destination web server. That allows the malicious hacker to access all your online communication. 

When Belgian researchers first discovered KRACK attacks (Key Reinstallation Attacks), the world realized even secured Wi-Fi connections aren’t secure. KRACK attacks rely on vulnerabilities in the WPA2 protocol to compromise the encryption key and the entire data network itself. As we’ll see below, SSL stripping is a type of MitM attack and has much in common with KRACK. 

What is SSL Stripping?

Take a look at your web browser’s address bar and you’ll find a small padlock icon next to the web address. The icon indicates you have a secure connection through HTTPS, an application layer protocol on the internet that encrypts all information leaving your computer end-to-end. HTTPS uses SSL (Secure Socket Layer)/TLS (Transport Layer Security) to create a secure tunnel between you and the web server you’re accessing.

HTTP is another application layer protocol, but it’s simply plaintext — anyone on the network can read your traffic and steal your information. As the name suggests, SSL stripping is when an attacker strips away your connection’s encryption (SSL/TLS), which exposes all your data for third parties to see. 

The malicious actor “sits” in the middle of the network, between your device and the remote web server (i.e. the website). In a normal scenario, your device would connect directly with the web server. However, in an SSL stripping attack, the malicious hacker imitates the server. The hacker’s device acts as a bridge. Neither you nor the remote web server realize someone is tampering in the middle.

You think you’re connected to the familiar, trusted website you entered the URL for in the browser address bar. You may enter your passwords, banking credentials, and other information without a second thought. Just like that, the cybercriminal has a way into your accounts.

How does SSL Stripping Work?

SSL stripping exploits common vulnerabilities in how most people connect to websites, and in the way websites are often set up to behave. When we want to visit a specific website, we hardly ever enter the full URL, complete with a specified “https://” protocol scheme. We often just start with “www.” or even a domain keyword or two. 

When we don’t type the full “https://” address, the browser first defaults to the website’s HTTP version. If the site then supports HTTPS, it redirects the user (via a 302 redirection) to a secure site version. SSL stripping manipulates this 302 redirection. 

In the seconds that elapse between the HTTP site loading and the redirection to the HTTPS site, a malicious hacker can establish a connection to your device. The cybercriminal redirects you to their own proxy server rather than the secure HTTPS site.

Since the hacker’s proxy server connects to the website via a secure HTTPS connection, the server thinks everything’s set up just the way it should be. On the other hand the connection between your device and the hacker’s server is actually over HTTP, and thus, unsecured. 

In this SSL stripping example, you assume you’re on a trusted site like a bank portal, so you enter your credentials. Your sensitive details are passed on to the hacker’s proxy over an unencrypted channel. The criminal hacker logs all your information and uses it to establish a connection with the bank portal using your identity. 

Protect Your Sensitive Data

How Does a Hacker Set up an SSL Stripping Attack? 

A malicious actor only needs to establish a bridging device between your device and the remote web server to pull off an SSL stripping attack. Let’s look at the different ways an attacker can accomplish this.

• • • • • Using a proxy server: A proxy server acts like a gateway between a device and the internet or another network. A hacker can set up a discreet proxy server, routing all your requests for websites through that server and tampering with the connection.
        • Compromised networks and hotspots: An attacker can compromise a Wi-Fi or wired network, both secure and unsecured. Once that’s done, the hacker monitors all network communications on that network. Each time you connect to an unknown Ethernet or Wi-Fi network, say at the hotel or the airport, you risk experiencing a man-in-the-middle attack.
        • ARP spoofing attacks: A hacker can execute ARP spoofing to associate their MAC address with your IP address. When this happens, a hacker can impersonate your device and receive data on your behalf via your IP address.

Can You Protect a Website from SSL Stripping?

The key to foiling SSL stripping attacks is to enforce HTTPS end-to-end on all website pages. Many websites use HTTPS only for login pages, and then default to HTTP for other pages. Websites combining HTTP and HTTPS make it easy for cybercriminals to carry out attacks. 

We recommend always using HSTS (HTTP Strict Transport Security), because it’s a more stringent standard. HSTS requires all devices to use HTTPS or display an error when the user opens an unsecured site.

Protect Yourself From SSL Stripping on Wi-Fi Networks

Whether you’re using your Wi-Fi at home, or you’re connecting to another network, you need protection against SSL stripping and other common scams or attacks. 

A secure VPN like CyberGhost is a simple way to safeguard yourself from HTTP downgrades, and to mitigate many other cybersecurity threats.  We encrypt your connection end-to-end in a secure tunnel using 256-bit AES encryption. 

Even if a would-be attacker tries to interfere with your connection, all they’ll see is garbled data. This protects against man-in-the-middle attacks including SSL stripping. When you use a VPN, it’s an additional security layer over HTTPS encryption and it protects any unsecured HTTP traffic too.

Stay Safe Online

Further Tips to Protect Yourself From SSL Stripping

Stay alert while browsing the web and when clicking on links to protect yourself and your devices from SSL stripping attacks. Here are a few simple yet highly effective tips that can come in handy.

• • ️🔒 Avoid connecting to unknown or suspicious Wi-Fi networks. It’s easy for cybercrooks to launch attacks on public or free hotspots. Always use a secure VPN like CyberGhost if you need to access Wi-Fi hotspots.
  • ️🔒 Upgrade all your web connections to HTTPS-only. Configure your browser to only use secure connections when you visit websites. Most browsers today offer you the option to only use HTTPS, and they’ll display a warning if a site supports only HTTP (and has no secure version). This is a great way to avoid visiting a potentially dangerous site.
  • ️🔒 Check the URL field on your web browser regularly and look out for the padlock icon. The icon guarantees a secure connection. If you don’t see the padlock, don’t enter any sensitive information on the site.
  • ️🔒 Use bookmarks to save secure sites you frequently visit, like internet banking portals and social media sites. This way, you avoid mistyping URLs or visiting an unsecured website version.
  • ️🔒 Ignore pop-ups you encounter, even if they scream “your system is infected with a virus”. Many pop-ups are malicious and will make you more vulnerable to a man-in-the-middle attack, ransomware, or other online threats.
  • ️🔒 Inspect a website’s certificate by clicking on the padlock icon to ensure a legitimate authority issued it. Most browsers will automatically check certificate validity, but it’s a good idea to stay aware yourself. If a website certificate appears fraudulent, immediately leave the site.
  • ️🔒 Always use a VPN. It eliminates a cybercriminal’s ability to carry out man-in-the-middle attacks like SSL stripping. It hides your IP address, encrypts all your traffic, and creates a secure tunnel for your data.

Make SSL Stripping a Thing of the Past 

In SSL stripping, one missing ‘S’ marks the difference between your data staying secure or sitting in the hands of a malicious actor. While it is a significant threat we all face when we connect to websites, it’s also a threat we can easily protect against.

A cybercriminal needs access to your connection to carry out an HTTPS downgrade attack. Follow our safety tips above to protect yourself against SSL stripping. Get CyberGhost VPN to safeguard your data and prevent all kinds of man-in-the-middle attacks. We use ironclad encryption and give you a secure connection on any network — even public Wi-Fi.

Get CyberGhost VPN Now

FAQ