Reply to post:

Hacked in a public space? Thanks, HTTPS

Anonymous Coward

"If a site provides only HTTPS then sslstrip would fail as it can't fall back to HTTP."

Why does it need to fall back to HTTP? Surely the hacker (or more accurately their software) can decrypt the request from the unsuspecting browser user, then use his or her own HTTPS connection to the website to forward the request and decrypt the response before re-encrypting it to send back to the user?

Biting the hand that feeds IT © 1998–2019