Total Articles 180
These are video clips of SSLStrip for Windows demonstration.
This application(SSLStrip.exe) will be released sooner or later(for educational purpose only).
[paypal.com and openweb.or.kr with Mozilla FireFox]
http://www.youtube.com/watch?v=41eY9ID1ejQ
[paypal.com with Google Chrome]
Host in VNC application is Windows 2000 Server. I can not install Google Chrome web browser on that machine because chrome application does not support Windows 2000 OS. Therefore, in this video clip, attacker and victim are exchanged. :)
2010.05.05 20:40:03 (*.125.227.56)
For more information about Strict Transport Security, refer the following URL/ (thnx Matt)
How to protect yourself against SSLStrip attack.
1. Using "Strict Transport Security" HTTP response header.
2. Using cipher text algorithm in java script to send critical information such as ID and password.
3. Sending client URL information by using "locatiion.href" java script including schema (http:// or https://) to the web server so that web server could verify that its URL is valid.
4. Using another methods using a platform specific binary module such as ActiveX or other plugin.