SSL Misconfiguration
Overview

SSL misconfiguration causes a variety of issues, such as sensitive pages being accessible via HTTP, use of weak SSL ciphers, and SSL stripping.

Discovery Methodology

Use an SSL cipher audit tool such as SSLScan to test cipher strength. Observe how the site handles an HTTP request. If the site redirects the user to HTTPS, the site can be stripped.

Exploitation

After ARP poisoning the client and the gateway, use SSLStrip to remove the SSL connection.

Videos

Using Ettercap and SSLstrip to Capture Credentials
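A defender-side check for the redirect observation in Discovery Methodology, added here as an example and not part of the original page. It goes beyond the page's text by also looking for the Strict-Transport-Security (HSTS) header on the HTTPS response, which is the standard mitigation for stripping of HTTP-to-HTTPS redirects. The sample responses, host name, finding labels and 180-day threshold are constructed assumptions.

```python
from email.parser import Parser

# Constructed sample responses (not captured from any real site).
HTTP_REPLY = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://shop.example.test/login\r\n"
    "Content-Length: 0\r\n\r\n"
)
HTTPS_REPLY_NO_HSTS = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
HTTPS_REPLY_HSTS = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n"
)

def parse_response(raw):
    """Split a raw HTTP/1.x response head into (status_code, headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split()[1])
    return status, Parser().parsestr(header_block, headersonly=True)

def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or 0 if absent or invalid."""
    value = headers.get("Strict-Transport-Security", "")
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            return int(arg.strip('"'))
    return 0

def assess(http_raw, https_raw, min_age=15552000):
    """List findings for one site's plain-HTTP and HTTPS responses.

    min_age (180 days) is an assumed policy threshold, not a standard value.
    """
    findings = []
    status, headers = parse_response(http_raw)
    location = headers.get("Location", "")
    if status in (301, 302, 303, 307, 308) and location.lower().startswith("https://"):
        findings.append("http-redirects-to-https")   # first request is still cleartext
    else:
        findings.append("content-served-over-http")
    _, tls_headers = parse_response(https_raw)
    age = hsts_max_age(tls_headers)
    if age == 0:
        findings.append("no-hsts")                   # browser will keep trying HTTP
    elif age < min_age:
        findings.append("hsts-max-age-too-short")
    return findings
```

A site reporting both `http-redirects-to-https` and `no-hsts` matches the condition the page describes; with HSTS set, a browser that has already seen the header goes straight to HTTPS and the redirect is no longer in play.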