Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
DIMVA
2010
2010
HProxy: Client-Side Detection of SSL Stripping Attacks
Abstract. In today's world wide web hundreds of thousands of companies use SSL to protect their customers' transactions from potential eavesdroppers. Recently, a new attack against the common usage of SSL surfaced, SSL stripping. The attack is based on the fact that users almost never request secure pages explicitly but rather rely on the servers, to redirect them to the appropriate secure version of a particular website. An attacker, after becoming man-in-the-middle can suppress such messages and provide the user with "stripped" versions of the requested website forcing him to communicate over an insecure channel. In this paper, we analyze the ways that SSL stripping can be used by attackers and present a countermeasure against such attacks. We leverage the browser's history to create a security profile for each visited website. Each profile contains information about the exact use of SSL at each website and all future connections to that site are validated ag...
Real-time TrafficAppropriate Secure Version | Computer Networks | DIMVA 2007 | DIMVA 2010 | SSL Stripping Attacks | Wide Web Hundreds |
| Added | 08 Nov 2010 |
| Updated | 08 Nov 2010 |
| Type | Conference |
| Year | 2010 |
| Where | DIMVA |
| Authors | Nick Nikiforakis, Yves Younan, Wouter Joosen |
Comments (0)
Researcher Info
|
