{"id":479124,"date":"2023-08-09T10:01:33","date_gmt":"2023-08-09T10:01:33","guid":{"rendered":""},"modified":"2023-09-05T11:18:13","modified_gmt":"2023-09-05T11:18:13","slug":"ssl-stripping-attack","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/cn\/wiki\/ssl-stripping-attack\/","title":{"rendered":"SSL \u5265\u79bb\u653b\u51fb"},"content":{"rendered":"<p>SSL \u5265\u79bb\u653b\u51fb\u662f\u6307\u653b\u51fb\u8005\u5c06\u53d7\u5bb3\u8005\u7684\u8fde\u63a5\u4ece HTTPS \u964d\u7ea7\u4e3a HTTP \u7684\u5b89\u5168\u6f0f\u6d1e\u3002\u901a\u8fc7\u8fd9\u6837\u505a\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u62e6\u622a\u3001\u8bfb\u53d6\u6216\u4fee\u6539\u53d7\u5bb3\u8005\u8ba4\u4e3a\u5b89\u5168\u7684\u6570\u636e\u3002\u8fd9\u79cd\u60c5\u51b5\u5728\u7528\u6237\u4e0d\u77e5\u60c5\u7684\u60c5\u51b5\u4e0b\u53d1\u751f\uff0c\u800c\u4ed6\u4eec\u7684\u4fe1\u606f\u5df2\u88ab\u6cc4\u9732\u3002<\/p>\n<h2>SSL \u5265\u79bb\u653b\u51fb\u7684\u8d77\u6e90<\/h2>\n<p>\u201cSSL \u5265\u79bb\u201d\u4e00\u8bcd\u6700\u65e9\u662f\u7531\u4e00\u4f4d\u540d\u53eb Moxie Marlinspike \u7684\u5b89\u5168\u7814\u7a76\u5458\u5728 2009 \u5e74\u7684\u9ed1\u5e3d\u7b80\u62a5\u4f1a\u4e0a\u63d0\u51fa\u7684\u3002Marlinspike \u6f14\u793a\u4e86\u5982\u4f55\u5b9e\u65bd\u8fd9\u79cd\u653b\u51fb\u6765\u7834\u574f\u5b89\u5168\u7684 HTTPS \u8fde\u63a5\u3002SSL \u5265\u79bb\u662f\u5229\u7528 SSL\/TLS \u534f\u8bae\u5b9e\u65bd\u4e2d\u7684\u5f31\u70b9\u7684\u5e7f\u6cdb\u653b\u51fb\u7c7b\u522b\u7684\u4e00\u90e8\u5206\u3002<\/p>\n<h2>\u6709\u5173 SSL \u5265\u79bb\u653b\u51fb\u7684\u8be6\u7ec6\u4fe1\u606f<\/h2>\n<h3>SSL \u53ca\u5176\u91cd\u8981\u6027<\/h3>\n<p>SSL\uff08\u5b89\u5168\u5957\u63a5\u5b57\u5c42\uff09\u662f\u4fdd\u62a4\u7f51\u7edc\u901a\u4fe1\u5b89\u5168\u7684\u6807\u51c6\u534f\u8bae\uff0c\u901a\u5e38\u5728\u7f51\u7edc\u6d4f\u89c8\u5668\u4e2d\u4ee5 HTTPS \u7684\u5f62\u5f0f\u5b9e\u73b0\u3002\u5b83\u5bf9\u7528\u6237\u6d4f\u89c8\u5668\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u6570\u636e\u8fdb\u884c\u52a0\u5bc6\uff0c\u786e\u4fdd\u9690\u79c1\u548c\u6570\u636e\u5b8c\u6574\u6027\u3002<\/p>\n<h3>SSL \u5265\u79bb\u653b\u51fb\u662f\u5982\u4f55\u8fdb\u884c\u7684<\/h3>\n<p>SSL \u5265\u79bb\u653b\u51fb\u53d1\u751f\u5728\u7ecf\u5178\u7684\u4e2d\u95f4\u4eba (MITM) \u653b\u51fb\u6846\u67b6\u5185\u3002\u901a\u8fc7\u5c06\u8fde\u63a5\u4ece HTTPS \u964d\u7ea7\u4e3a HTTP\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u53cc\u65b9\u5747\u672a\u5bdf\u89c9\u7684\u60c5\u51b5\u4e0b\u8bfb\u53d6\u6216\u4fee\u6539\u6570\u636e\u3002\u8fd9\u79cd\u653b\u51fb\u901a\u5e38\u9488\u5bf9\u516c\u5171 Wi-Fi \u7f51\u7edc\u548c\u5176\u4ed6\u653b\u51fb\u8005\u53ef\u4ee5\u8f7b\u677e\u62e6\u622a\u6d41\u91cf\u7684\u73af\u5883\u3002<\/p>\n<h2>SSL \u5265\u79bb\u653b\u51fb\u7684\u5185\u90e8\u7ed3\u6784<\/h2>\n<ol>\n<li><strong>\u653b\u51fb\u8005\u7684\u4f4d\u7f6e\uff1a<\/strong> \u653b\u51fb\u8005\u9700\u8981\u5904\u4e8e\u53ef\u4ee5\u62e6\u622a\u6d41\u91cf\u7684\u4f4d\u7f6e\uff0c\u8fd9\u901a\u5e38\u662f\u901a\u8fc7\u5728\u540c\u4e00\u7f51\u7edc\u4e0a\u6216\u4f7f\u7528 ARP \u6b3a\u9a97\u7b49\u6280\u672f\u6765\u5b9e\u73b0\u7684\u3002<\/li>\n<li><strong>\u964d\u7ea7\u5230 HTTP\uff1a<\/strong> \u653b\u51fb\u8005\u4fee\u6539\u5b89\u5168\u7684HTTPS\u94fe\u63a5\uff0c\u5e76\u5c06\u5176\u66ff\u6362\u4e3aHTTP\u94fe\u63a5\u3002<\/li>\n<li><strong>\u62e6\u622a\u6570\u636e\uff1a<\/strong> \u653b\u51fb\u8005\u53ef\u4ee5\u8bfb\u53d6\u901a\u8fc7 HTTP \u53d1\u9001\u7684\u6240\u6709\u4fe1\u606f\uff0c\u6709\u65f6\u751a\u81f3\u53ef\u4ee5\u4fee\u6539\u3002<\/li>\n<li><strong>\u91cd\u65b0\u52a0\u5bc6\uff08\u53ef\u9009\uff09\uff1a<\/strong> \u5728\u4e00\u4e9b\u9ad8\u7ea7\u653b\u51fb\u4e2d\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5728\u5c06\u6570\u636e\u53d1\u9001\u5230\u76ee\u6807\u670d\u52a1\u5668\u4e4b\u524d\u91cd\u65b0\u52a0\u5bc6\u6570\u636e\u3002<\/li>\n<\/ol>\n<h2>SSL\u5265\u79bb\u653b\u51fb\u5173\u952e\u7279\u5f81\u5206\u6790<\/h2>\n<ul>\n<li><strong>\u9690\u79d8\uff1a<\/strong> \u53d7\u5bb3\u8005\u5e38\u5e38\u4e0d\u4f1a\u6ce8\u610f\u5230\u3002<\/li>\n<li><strong>\u6709\u6548\u7684\uff1a<\/strong> \u80fd\u591f\u62e6\u622a\u5927\u91cf\u654f\u611f\u4fe1\u606f\u3002<\/li>\n<li><strong>\u5e73\u53f0\u72ec\u7acb\uff1a<\/strong> \u53ef\u4ee5\u5728\u4efb\u4f55\u4f9d\u8d56 SSL\/TLS \u5b89\u5168\u7684\u7cfb\u7edf\u4e0a\u6267\u884c\u3002<\/li>\n<\/ul>\n<h2>SSL \u5265\u79bb\u653b\u51fb\u7684\u7c7b\u578b<\/h2>\n<table>\n<thead>\n<tr>\n<th>\u7c7b\u578b<\/th>\n<th>\u63cf\u8ff0<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>\u57fa\u672c SSL \u5265\u79bb<\/td>\n<td>\u4ece HTTPS \u7b80\u5355\u964d\u7ea7\u5230 HTTP<\/td>\n<\/tr>\n<tr>\n<td>\u6269\u5c55 SSL \u5265\u79bb<\/td>\n<td>\u5305\u62ec\u91cd\u65b0\u52a0\u5bc6\u548c\u5176\u4ed6\u590d\u6742\u6027<\/td>\n<\/tr>\n<tr>\n<td>\u79fb\u52a8 SSL \u5265\u79bb<\/td>\n<td>\u4e13\u95e8\u9488\u5bf9\u79fb\u52a8\u8bbe\u5907<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>SSL \u5265\u79bb\u653b\u51fb\u7684\u4f7f\u7528\u65b9\u6cd5\u3001\u95ee\u9898\u53ca\u89e3\u51b3\u65b9\u6848<\/h2>\n<h3>\u7528\u9014<\/h3>\n<ul>\n<li><strong>\u975e\u6cd5\u6d3b\u52a8\uff1a<\/strong> \u7a83\u53d6\u4e2a\u4eba\u4fe1\u606f\u548c\u8d22\u52a1\u4fe1\u606f\u3002<\/li>\n<li><strong>\u4f01\u4e1a\u95f4\u8c0d\u6d3b\u52a8\uff1a<\/strong> \u622a\u53d6\u673a\u5bc6\u4fe1\u606f\u3002<\/li>\n<\/ul>\n<h3>\u95ee\u9898\u4e0e\u89e3\u51b3\u65b9\u6848<\/h3>\n<ul>\n<li><strong>\u95ee\u9898\uff1a<\/strong> \u7528\u6237\u6ca1\u6709\u610f\u8bc6\u5230\u98ce\u9669\u3002<br \/>\n<strong>\u89e3\u51b3\u65b9\u6848\uff1a<\/strong> \u6559\u80b2\u7528\u6237\u5e76\u63d0\u5021\u4f7f\u7528\u6d4f\u89c8\u5668\u4e2d\u7684\u6302\u9501\u56fe\u6807\u7b49\u5b89\u5168\u6307\u793a\u5668\u3002<\/li>\n<li><strong>\u95ee\u9898\uff1a<\/strong> HTTPS \u5b9e\u65bd\u4e0d\u529b\u3002<br \/>\n<strong>\u89e3\u51b3\u65b9\u6848\uff1a<\/strong> \u5b9e\u65bd HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 (HSTS) \u548c\u5176\u4ed6\u5f3a\u5927\u7684\u5b89\u5168\u63aa\u65bd\u3002<\/li>\n<\/ul>\n<h2>\u4e3b\u8981\u7279\u70b9\u53ca\u540c\u7c7b\u4ea7\u54c1\u6bd4\u8f83<\/h2>\n<table>\n<thead>\n<tr>\n<th>\u5b66\u671f<\/th>\n<th>\u7279\u5f81<\/th>\n<th>\u76f8\u4f3c\u4e4b\u5904<\/th>\n<th>\u5dee\u5f02<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>SSL \u5265\u79bb<\/td>\n<td>\u5c06 HTTPS \u964d\u7ea7\u4e3a HTTP<\/td>\n<td>MITM \u653b\u51fb<\/td>\n<td>\u76ee\u6807 SSL<\/td>\n<\/tr>\n<tr>\n<td>MITM \u653b\u51fb<\/td>\n<td>\u62e6\u622a\u5e76\u6539\u53d8\u901a\u8baf<\/td>\n<td>\u5305\u542b SSL<\/td>\n<td>\u8303\u56f4\u66f4\u5e7f<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>\u672a\u6765\u7684\u89c2\u70b9\u548c\u6280\u672f<\/h2>\n<ul>\n<li><strong>\u589e\u5f3a\u68c0\u6d4b\uff1a<\/strong> \u6539\u8fdb\u4e86\u68c0\u6d4b SSL \u5265\u79bb\u653b\u51fb\u7684\u65b9\u6cd5\u3002<\/li>\n<li><strong>HSTS \u7684\u5e7f\u6cdb\u91c7\u7528\uff1a<\/strong> \u4e00\u79cd\u9632\u6b62\u8fd9\u4e9b\u653b\u51fb\u7684\u6709\u524d\u666f\u7684\u6280\u672f\u3002<\/li>\n<\/ul>\n<h2>\u4ee3\u7406\u670d\u52a1\u5668\u5982\u4f55\u4e0e SSL \u5265\u79bb\u653b\u51fb\u76f8\u5173\u8054<\/h2>\n<p>\u4ee3\u7406\u670d\u52a1\u5668\u65e2\u53ef\u4ee5\u6210\u4e3a\u653b\u51fb\u76ee\u6807\uff0c\u4e5f\u53ef\u4ee5\u6210\u4e3a SSL \u5265\u79bb\u653b\u51fb\u7684\u9632\u5fa1\u624b\u6bb5\u3002\u5f53\u653b\u51fb\u8005\u4f7f\u7528\u4ee3\u7406\u670d\u52a1\u5668\u62e6\u622a\u6d41\u91cf\u65f6\uff0c\u4ee3\u7406\u670d\u52a1\u5668\u5c31\u53ef\u80fd\u6210\u4e3a\u653b\u51fb\u76ee\u6807\u3002\u76f8\u53cd\uff0c\u5b89\u5168\u4ee3\u7406\u670d\u52a1\u5668\uff08\u5982 OneProxy (oneproxy.pro) \u63d0\u4f9b\u7684\u4ee3\u7406\u670d\u52a1\u5668\uff09\u53ef\u4ee5\u914d\u7f6e\u4e3a\u5f3a\u5236\u5b9e\u65bd HTTPS \u8fde\u63a5\u5e76\u4f7f\u7528 HSTS\uff0c\u4ece\u800c\u964d\u4f4e SSL \u5265\u79bb\u7684\u98ce\u9669\u3002<\/p>\n<h2>\u76f8\u5173\u94fe\u63a5<\/h2>\n<ul>\n<li><a href=\"https:\/\/oneproxy.pro\/cn\/\" target=\"_new\" rel=\"noopener\">OneProxy\u5b98\u65b9\u7f51\u7ad9<\/a><\/li>\n<li><a href=\"https:\/\/www.blackhat.com\/\" target=\"_new\" rel=\"noopener nofollow\">Moxie Marlinspike \u7684\u9ed1\u5e3d\u6f14\u8bb2<\/a><\/li>\n<li><a href=\"https:\/\/en.wikipedia.org\/wiki\/HTTPS\" target=\"_new\" rel=\"noopener nofollow\">\u4e86\u89e3 HTTPS \u548c SSL<\/a><\/li>\n<li><a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Strict-Transport-Security\" target=\"_new\" rel=\"noopener nofollow\">HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 (HSTS)<\/a><\/li>\n<\/ul>\n<p><strong>\u7b14\u8bb0\uff1a<\/strong> \u672c\u6587\u5305\u542b\u7684\u4fe1\u606f\u622a\u81f3\u4e0a\u6b21\u66f4\u65b0\u65f6\u90fd\u662f\u51c6\u786e\u7684\uff0c\u4f46\u53ef\u80fd\u4f1a\u968f\u7740\u6280\u672f\u8fdb\u6b65\u6216\u5b89\u5168\u5f62\u52bf\u7684\u53d8\u5316\u800c\u53d8\u5316\u3002<\/p>","protected":false},"featured_media":479125,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-479124","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>SSL Stripping Attack<\/mark>","faq_items":[{"question":"What is an SSL Stripping Attack?","answer":"<p>An SSL Stripping Attack is a method where an attacker downgrades a victim's connections from HTTPS to HTTP. This allows the attacker to intercept, read, or modify data that the victim believes to be secure, without them noticing that their information is being compromised.<\/p>"},{"question":"Who first coined the term \"SSL Stripping\"?","answer":"<p>The term \"SSL stripping\" was first coined by a security researcher named Moxie Marlinspike during the Black Hat Briefings conference in 2009.<\/p>"},{"question":"How does SSL Stripping Attack work?","answer":"<p>The SSL stripping attack takes place within a Man-in-the-Middle (MITM) attack framework. By downgrading a connection from HTTPS to HTTP, an attacker can read or modify the data without either party noticing. It usually targets public Wi-Fi networks and other environments where the attacker can intercept traffic easily.<\/p>"},{"question":"What are the types of SSL Stripping Attack?","answer":"<p>There are three main types of SSL Stripping Attacks:<\/p><ol><li>Basic SSL Stripping - Simple downgrade from HTTPS to HTTP.<\/li><li>Extended SSL Stripping - Includes re-encryption and other complexities.<\/li><li>Mobile SSL Stripping - Specifically targets mobile devices.<\/li><\/ol>"},{"question":"How can SSL Stripping Attacks be prevented?","answer":"<p>SSL Stripping Attacks can be prevented by educating users about the risks, promoting the use of security indicators like padlock icons in browsers, implementing HTTP Strict Transport Security (HSTS), and using secure proxy servers like OneProxy that enforce HTTPS connections.<\/p>"},{"question":"What is the future perspective related to SSL Stripping Attack?","answer":"<p>The future perspective related to SSL Stripping Attack includes enhanced detection methods and the widespread adoption of technologies like HSTS, which can significantly reduce the risk of these attacks.<\/p>"},{"question":"How are proxy servers like OneProxy associated with SSL Stripping Attack?","answer":"<p>Proxy servers like OneProxy can both be a target and a defense against SSL stripping attacks. They can be targeted when attackers use them to intercept traffic. Conversely, secure proxy servers can be configured to enforce HTTPS connections and use HSTS, reducing the risk of SSL stripping.<\/p>"},{"question":"Where can I find more information about SSL Stripping Attack?","answer":"<p>You can find more information about SSL Stripping Attack through the following resources:<\/p><ul><li><a href=\"https:\/\/www.oneproxy.pro\/\" target=\"_new\">OneProxy Official Website<\/a><\/li><li><a href=\"https:\/\/www.blackhat.com\/\" target=\"_new\">Moxie Marlinspike's Black Hat Presentation<\/a><\/li><li><a href=\"https:\/\/en.wikipedia.org\/wiki\/HTTPS\" target=\"_new\">Understanding HTTPS and SSL<\/a><\/li><li><a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Strict-Transport-Security\" target=\"_new\">HTTP Strict Transport Security (HSTS)<\/a><\/li><\/ul>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki\/479124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki\/479124\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/media\/479125"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/media?parent=479124"}],"curies":[{"name":"\u53ef\u6e7f\u6027\u7c89\u5242","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}