Web Hosting Blog

SSL-MITM-Mitigate Risk for Web Transactions

by rchamria, May 26, 2011

Man in the middle attack (MITM) is one of the unbeaten ways of intercepting information such as passwords, user ids etc in LAN (local area network). In simple words it can be explained as an attacker or a hacker tracking all the information transmitted in between the client and the server. This is where SSL certificates comes to picture.

To keep a check on these kinds of attacks the use of Hypertext Transfer Protocol Secure (HTTPS) was started by Email providers. Such arrangement of the Hypertext Transfer Protocol (HTTP) with SSL (Secure socket layer) protocol is done in order to provide encrypted communication between the client and the server. So every time an MITM attack is carried out by a hacker, the victim is put on an alert with an invalid SSL Certificate.

A successful MITM attack and that too without suspicion requires the usage of a tool called SSL strip. Instead of using HTTPS to connect sites like Gmail, Pay pal, the victim should be allowed to use HTTP. An SSL strip replaces HTTPS with an HTTP link and keeps a plot of the changes. The attacking machine supplies certificates to the web server which it provides to the client in order to verify the identity of the site, alongside its list of trusted certificate authorities.

It’s therefore always a good idea to choose a trusted and encrypted Wi-Fi networks or VPNs, on whichever site you are be it LinkedIn or any other site. If something like this isn’t available, SSL should be used for logins and other sensitive web pages.

What do you think of this post?
Awesome (0) Interesting (0) Useful (0) Boring (0)