Man-in-the-Middle & SSL Stripping
A MITM attacker intercepts traffic between two parties, reading and modifying it without either knowing. SSL stripping downgrades HTTPS to HTTP by removing the redirects to HTTPS, so the victim's browser never negotiates TLS. HSTS prevents this.
Prevention
How to fix
HSTS (Strict-Transport-Security): forces HTTPS
HSTS Preload: hardcoded in browsers
Certificate pinning in mobile apps
DNSSEC: prevents DNS poisoning for MITM
MFA: stolen passwords less useful
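An added example, not part of the original page: a checker for the first two items, which parses a Strict-Transport-Security header value following RFC 6797 and reports what keeps it from meeting the preload list's requirements (max-age of at least one year, includeSubDomains, preload). The function names and the one-year constant name are assumptions made for this example.

```python
# Added example: audit a Strict-Transport-Security header value.
# Names (parse_hsts, audit_hsts, PRELOAD_MIN_AGE) are hypothetical.

PRELOAD_MIN_AGE = 31536000  # one year in seconds, the preload list minimum


def parse_hsts(value):
    """Parse an HSTS header value (RFC 6797); return None if invalid."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()   # directive names are case-insensitive
        arg = arg.strip().strip('"')  # max-age may be a quoted-string
        if name in seen:
            return None               # a repeated directive invalidates the header
        seen.add(name)
        if name == "max-age":
            if not (arg.isascii() and arg.isdigit()):
                return None
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":       # preload-list directive, not in RFC 6797
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None


def audit_hsts(value, scheme="https"):
    """Return a list of findings; an empty list means preload-ready."""
    if scheme != "https":
        return ["HSTS header received over HTTP is ignored by browsers"]
    policy = parse_hsts(value) if value else None
    if policy is None:
        return ["no valid HSTS policy: HTTP downgrade is not blocked"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 deletes the stored policy")
    elif policy["max_age"] < PRELOAD_MIN_AGE:
        findings.append("max-age below one year")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains missing")
    if not policy["preload"]:
        findings.append("preload directive missing")
    return findings
```

Pass it the header value exactly as a server returned it; a missing header is passed as None.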