Hands-on Cybersecurity Studies: SSLStrip Analysis
Abstract
Network communications are critical for everyday life. It is essential that the technologies involved are secure, as it is difficult for individual users to accurately assess whether the information transferred between computing devices stays among the intended recipients. In the web domain, a great deal of trust is placed in the computing machines when accessing remote services. For this reason, digitally signed certificates are used to verify that communicating parties are who they say they are and, furthermore, to establish secure, encrypted sessions. However, there are several other potential issues that must be considered, including the intermediate network nodes through which communication must flow to reach its destination. For example, these intermediate nodes may be able to modify the communication infrastructure between clients and servers, as documented and demonstrated by Moxie Marlinspike (in "New Tricks for Defeating SSL in Practice") and a proof-of-concept software tool called SSLStrip. This report describes a hands-on exercise demonstrating these issues and their remediations.
Document Details
- Document Type: Technical Report
- Publication Date: Feb 22, 2023
- Accession Number: AD1194322
Entities
People
- Jaime C. Acosta
- Jared Aguayo
Organizations
- United States Army
- University of Texas at El Paso