Originally posted by: SagaLore
Originally posted by: Goosemaster
Why is this so hard for people to understand?
It intercepts, rewrites urls, sets up a valid ssl connection between the client and the proxy,
then proceeds to proxy all requests over a legit ssl connection on the other end while maintaining a pretty url for the client the entire time.
There is a lot of mixed info about what sslstrip does. We all agree that it's MiTM, but what it actually does with the end-user was the confusing part. We're arguing about really fine details, not the big picture.
Codewiz kept stressing for us to watch the end of the video... I just finished it. He's right concerning what the end-user sees. It's an HTTPS look-alike. Okay one more time...
- Performs Man-in-the-Middle on the (plaintext) HTTP connection
- Replaces all the HTTPS links with HTTPS look-alikes
- Communicates with the end-user's web browser with look-alike HTTPS for any secure link
- Communicates with the web server over HTTPS for the same secure link
- SSLstrip acts as a proxy between the end-user and the web server
- SSLstrip captures POST
- Page is forwarded back to real HTTPS page
end-user <--(bad https)--> sslstrip <--(good https)--> web server
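
A defender-side check for the link rewriting listed above, as an added example that is not part of the original posts: it compares a known-good copy of a page (fetched over a trusted path) with the copy a client received and reports https links that are missing or altered. The function names and the example.com sample pages are constructed for illustration; the posts do not say what form the look-alike links take, so the check only reports scheme or host changes.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags and the attribute on each that carries a navigable or submittable URL.
URL_ATTRS = {"a": "href", "form": "action", "iframe": "src", "script": "src"}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []  # (tag, url) pairs in document order

    def handle_starttag(self, tag, attrs):
        wanted = URL_ATTRS.get(tag)
        for name, value in attrs:
            if wanted and name == wanted and value:
                self.links.append((tag, value.strip()))

def collect(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links

def find_rewritten_links(reference_html, received_html):
    """Report https links of the reference copy that the received copy lacks or alters."""
    received = collect(received_html)
    present = {url for _, url in received}
    findings = []
    for tag, url in collect(reference_html):
        ref = urlsplit(url)
        if ref.scheme != "https" or url in present:
            continue  # not a secure link, or delivered unchanged
        kind, seen = "missing", None
        for rtag, rurl in received:
            got = urlsplit(rurl)
            # Only absolute links on the same tag with the same path and query are candidates.
            if rtag != tag or not got.netloc or (got.path, got.query) != (ref.path, ref.query):
                continue
            if got.netloc != ref.netloc:
                kind, seen = "host-changed", rurl
            elif got.scheme == "http":
                kind, seen = "scheme-downgraded", rurl
            if seen:
                break
        findings.append((tag, url, kind, seen))
    return findings

# Constructed sample pages (assumed for this example, not captured traffic).
REFERENCE = ('<a href="https://login.example.com/signin">Sign in</a>'
             '<form action="https://login.example.com/session" method="post"></form>'
             '<a href="https://pay.example.com/cart">Cart</a>'
             '<a href="http://www.example.com/news">News</a>')
RECEIVED = ('<a href="http://login.example.com/signin">Sign in</a>'
            '<form action="https://login.example.net/session" method="post"></form>'
            '<a href="http://www.example.com/news">News</a>')
```

An empty result for a page that normally carries https links means the received copy matches the reference; any finding is a reason to inspect the network path between the client and the server.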