A Browser-Based Distributed System for the Detection of HTTPS Stripping Attacks against Web Pages

Abstract : HTTPS stripping attacks leverage a combination of weak configuration choices to trick users into providing sensitive data through hijacked connections. Here we present a browser extension that helps web users to detect this kind of integrity and authenticity breaches, by extracting relevant features from the browsed pages and comparing them to reference values coming from different sorts of trusted sources. The rationale behind the extension is discussed and its effectiveness is demonstrated with some quantitative results, gathered on the prototype that has been implemented for Mozilla Firefox.
Document type :
Conference papers
Complete list of metadatas

Cited literature [7 references]  Display  Hide  Download

https://hal.inria.fr/hal-01518220
Contributor : Hal Ifip <>
Submitted on : Thursday, May 4, 2017 - 1:45:18 PM
Last modification on : Thursday, May 4, 2017 - 2:53:56 PM
Long-term archiving on : Saturday, August 5, 2017 - 1:33:06 PM

File

978-3-642-30436-1_47_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Marco Prandini, Marco Ramilli. A Browser-Based Distributed System for the Detection of HTTPS Stripping Attacks against Web Pages. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. pp.549-554, ⟨10.1007/978-3-642-30436-1_47⟩. ⟨hal-01518220⟩

Share

Metrics

Record views

65

Files downloads

101