At BlackHat DC 2009 Moxie Marlinspike demonstrated how to subvert HTTPS with SSLStrip. SSLStrip intercepts HTTP traffic, watches for HTTPS links inside the data stream and maps these HTTPS links to HTTP. Whenever a victim clicks on such a mapped HTTPS link SSLStrip will notice it and act as a HTTP2HTTPS proxy server. All the data is available in cleartext to SSLStrip and an attacker can use this circumstance to his advantage.
If I find the time I will port the SSLStrip features to PERL to merge it with the HTTP proxy script I wrote to observe spam and anonymized traffic.
Here is the SSLStrip 0.4 packet from the local archive on Megapanzer.
This is the link to Moxie’s page.
See SSLStrip in action here :
