How does sslstrip work?

Asked by AnishaDalal in Cyber Security, Asked on Sep 27, 2022

I've been reading up on SSLstrip and I'm not 100% sure on my understanding of how it works.

A lot of documentation seems to indicate that it simply replaces occurrences of "https" with "http" in traffic that it has access to. So a URL passing through such as "" would be passed on to the victim as "".

At this point does SSLstrip continue to communicate with Twitter via HTTPS on our behalf? Something like this:

Victim  <== HTTP ==>  Attacker  <== HTTPS ==>  Twitter

Or is it just the fact that the client is now communicating with Twitter over HTTP that gives us access to the traffic?

Victim  <== HTTP ==>  Attacker  <== HTTP ==>  Twitter

My guess is it would be the first option, where the Attacker continues to communicate with Twitter via HTTPS as it is enforced by Twitter, but I would just like some clarification.

Answered by Andrew Jenkins

You should watch Moxie Marlinspike's talk "Defeating SSL using SSLStrip". In short, SSLStrip is a type of MITM attack that forces a victim's browser into communicating with an adversary in plain-text over HTTP, and the adversary proxies the modified content from an HTTPS server. To do this, SSLStrip is "stripping" https:// URLs and turning them into http:// URLs.

HSTS is a proposed solution to this problem.
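
An added example, not part of the original answer: a Python check of whether a response's Strict-Transport-Security header would be honoured by a browser, following the parsing rules of RFC 6797. The function names, verdict strings and sample headers are assumptions constructed for illustration.

```python
import re

def parse_hsts(value):
    """Parse one Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns {'max_age': int, 'include_subdomains': bool}, or None if invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue                      # empty directives are permitted
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if name in seen:
            return None                   # each directive may appear only once
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]               # max-age may be a quoted-string
        seen[name] = val if sep else None
    max_age = seen.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None                       # max-age is required and numeric
    if seen.get("includesubdomains", None) is not None:
        return None                       # includeSubDomains takes no value
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in seen}

def assess(scheme, headers):
    """headers: (name, value) pairs as received. Returns a verdict string
    (verdict names are made up for this example)."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return "missing"
    if scheme != "https":
        return "ignored-over-http"        # browsers ignore HSTS sent over plain HTTP
    policy = parse_hsts(values[0])        # only the first header field counts
    if policy is None:
        return "invalid"
    if policy["max_age"] == 0:
        return "policy-removed"           # max-age=0 tells the browser to forget the host
    return "enforced+subdomains" if policy["include_subdomains"] else "enforced-host-only"

# Constructed sample responses, not captured traffic.
SAMPLES = [
    ("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    ("https", [("strict-transport-security", 'max-age="600"')]),
    ("http",  [("Strict-Transport-Security", "max-age=31536000")]),
    ("https", [("Strict-Transport-Security", "includeSubDomains")]),
    ("https", [("Content-Type", "text/html")]),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, headers, "->", assess(scheme, headers))
```

The third sample is the case that matters for a stripped connection: a policy delivered over plain HTTP is ignored, so HSTS only protects a browser that has already received the policy over HTTPS or has the host preloaded.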
