A recipe for preventing the damage caused by SSLstrip

  
SSL is a security protocol that provides confidentiality and data integrity for network communications. TLS and SSL encrypt the network connection at the transport layer. SSL was developed for Netscape to secure data transmission over the Internet, but recently new types of attack tools have appeared that seriously affect the security of sensitive information, such as user identities, protected by SSL/HTTPS. This article looks at how SSLstrip works, as the basis for an anti-SSLstrip solution that prevents the damage caused by SSLstrip.
Working principle of SSLstrip
1. First, the SSLstrip attacker needs to enable route forwarding on its own machine;
2. It then broadcasts ARP packets to the network for ARP spoofing, impersonating the MAC address of the router or gateway, so that all the data in the network passes through the attacker;
3. It replaces the https links in all http data passing through it with http links, and records which links were replaced;
4. The attacker establishes a connection with the client computer over http. This connection is redirected to another port on the attacker's machine;
5. The attacker then pretends to be the client and establishes an https connection with the real server;
6. In this way, the attacker transparently proxies all data between the client and the server. To the client it appears to be the server, and to the server it appears to be the client.
The figure below shows which https connections are replaced with normal http connections in the SSLstrip attack.
7. In order to deceive the user, the icons shown in the browser are replaced with the https icon;
8. At this point, the user name and password submitted by the client are sent in clear text to SSLstrip on the attacker's computer. The attacker steals the client's private information without the client's knowledge.
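One way to check for the link replacement described in step 3, as an added example that is not part of the original article: it compares a copy of a page obtained over a trusted path with the copy received on the network under test, and lists the https links that arrived as http. The function names and the example.test pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "action", "src"}  # attributes that carry link targets

class LinkCollector(HTMLParser):
    """Collect absolute http/https URLs from href, action and src attributes."""
    def __init__(self):
        super().__init__()
        self.urls = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                parts = urlsplit(value.strip())
                if parts.scheme in ("http", "https") and parts.netloc:
                    self.urls.add(parts)

def collect(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.urls

def _key(parts):
    # Compare on host, path and query only, so a scheme change stands out.
    return ((parts.hostname or "").lower(), parts.path or "/", parts.query)

def find_downgraded(reference_html, observed_html):
    """Return https URLs from the reference that appear only as http in the observed copy."""
    observed = collect(observed_html)
    seen_http = {_key(p) for p in observed if p.scheme == "http"}
    seen_https = {_key(p) for p in observed if p.scheme == "https"}
    return sorted(
        p.geturl() for p in collect(reference_html)
        if p.scheme == "https" and _key(p) in seen_http and _key(p) not in seen_https
    )

# Constructed sample pages: REFERENCE is the trusted copy, OBSERVED the copy under test.
REFERENCE = """<a href="https://mail.example.test/login">Sign in</a>
<form action="https://mail.example.test/auth" method="post"></form>
<img src="http://static.example.test/logo.png">"""
OBSERVED = REFERENCE.replace("https://", "http://")

if __name__ == "__main__":
    for url in find_downgraded(REFERENCE, OBSERVED):
        print("downgraded to http:", url)
```

A non-empty result means a link that should be https reached the client as http, which is the condition steps 3 to 8 rely on.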
Introduction to the attack tool
1. Version: 0.2
2. Operating environment: Linux
3. Requires the system's routing and forwarding function to be enabled
4. Requires the firewall's port redirection function to be enabled