The Realization And Prevention Of HTTPS Man-in-the-middle Attack

Posted on: 2012-10-16
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Wang
GTID: 2298330467978790
Subject: Fluid Machinery and Engineering

Abstract/Summary:
With the rapid development of Internet technology, people's work and life have gradually become inseparable from the network. At the same time, e-commerce activity has increased, and how to transfer e-commerce data and other sensitive data securely over the network has become a very important issue. Against this background, the HTTPS protocol was launched, and its number of users has grown rapidly. The HTTPS protocol inevitably has some defects, and with its widespread use a large number of attacks have appeared. These attacks are a serious threat to the development of e-commerce. The man-in-the-middle (MITM) attack is the most typical type, and how to prevent MITM attacks has become the most urgent issue.

In this paper, the security of the HTTPS protocol is analyzed and the threats against this protocol are given. We introduce the attacks against the HTTPS protocol from two angles, code-breaking and MITM attack, and analyze three kinds of MITM attacks against the HTTPS protocol: SSLsniff, SSL renegotiation, and SSLstrip. Given that the widely used SSLstrip attack is based on consumer behavior, we focus on programming and improving the SSLstrip attack on the Linux and Windows operating systems.

How to prevent the SSLstrip attack is another key part of this paper. We present a countermeasure that protects against the attack. We leverage the browser's history to create a security profile for each visited website. Each profile contains information about the exact use of SSL at that website, and all future connections to the site are validated against it. We show that SSL stripping attacks can be prevented with acceptable overhead and without support from web servers or trusted third parties.

Keywords/Search Tags: HTTPS, SSLstrip, MITM