Man-in-the-Middle (MITM): TLS Stripping

An adversary who has managed to intercept a connection tries to decrypt the secure communication between a client and a server using SSL stripping. An SSL stripping attack downgrades an HTTPS connection to HTTP by intercepting the TLS authentication sent from the application to the user. The adversary sends an unencrypted version of the application’s site to the user while maintaining the secured session with the application, acting as a "bridge" between them. [1] (Citation: Imperva)

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
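Because the user is sent an unencrypted copy of the application's site, the downgrade leaves differences that can be checked for. The following is an added example, not part of the original entry: it compares a response fetched over a trusted path with the response a user actually received and lists signs of stripping. The host app.example.test, the record layout and all sample values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# URL-bearing attributes in HTML; a regex is sufficient for this comparison.
LINK_RE = re.compile(r'''(?:href|action|src)\s*=\s*["']([^"']+)["']''', re.I)

def links(html):
    return [urlsplit(u) for u in LINK_RE.findall(html)]

def cookie_name(value):
    return value.split("=", 1)[0].strip()

def has_secure(value):
    return "secure" in [a.strip().lower() for a in value.split(";")[1:]]

def stripping_signals(reference, observed):
    """Each argument: {"url": str, "headers": [(name, value)], "body": str}."""
    signals = []
    ref, obs = urlsplit(reference["url"]), urlsplit(observed["url"])
    if ref.scheme == "https" and obs.scheme == "http" and ref.hostname == obs.hostname:
        signals.append("page served over http, reference is https")
    # Links that are https in the reference but http in the observed copy.
    ref_https = {(l.hostname, l.path) for l in links(reference["body"]) if l.scheme == "https"}
    for l in links(observed["body"]):
        if l.scheme == "http" and (l.hostname, l.path) in ref_https:
            signals.append(f"link rewritten to http: {l.geturl()}")
    # Assumption: a stripped session also loses the Secure cookie attribute,
    # since a browser will not return a Secure cookie over plain HTTP.
    ref_secure = {cookie_name(v) for n, v in reference["headers"]
                  if n.lower() == "set-cookie" and has_secure(v)}
    for n, v in observed["headers"]:
        if n.lower() == "set-cookie" and cookie_name(v) in ref_secure and not has_secure(v):
            signals.append(f"cookie lost Secure attribute: {cookie_name(v)}")
    return signals

# Constructed sample data.
REFERENCE = {"url": "https://app.example.test/login",
             "headers": [("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")],
             "body": '<form action="https://app.example.test/session" method="post"></form>'
                     '<a href="https://app.example.test/help">Help</a>'}
OBSERVED = {"url": "http://app.example.test/login",
            "headers": [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")],
            "body": '<form action="http://app.example.test/session" method="post"></form>'
                    '<a href="http://app.example.test/help">Help</a>'}

if __name__ == "__main__":
    for s in stripping_signals(REFERENCE, OBSERVED):
        print(s)
```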

References

Attachments

ID: VT0022.001
Sub-techniques:
Tactics: Credential Access, Collection
Platforms: Cloud, Linux, MacOS, Unix-like, Windows

Created: 30 December 2020

Last Modified: 04 January 2021