HProxy: Client-Side Detection of SSL Stripping Attacks
In today's world wide web hundreds of thousands of companies use SSL to protect their customers' transactions from potential eavesdroppers. Recently, a new attack against the common usage of SSL surfaced, SSL stripping. The attack is based on the fact that users almost never request secure pages explicitly, but rather rely on the servers, to redirect them to the appropriate secure version of a particular website. An attacker, after becoming man-in-the-middle can suppress such messages and provide the user with "Stripped" versions of the requested website forcing him to communicate over an insecure channel. In this paper, the authors analyze the ways that SSL stripping can be used by attackers and present a countermeasure against such attacks.