Security · TLS Attacks

SSL Stripping Attacks: When HTTPS Isn’t Enough

March 27, 2026 · 10 min read · H33 Engineering Team

You check the URL bar. It says your bank’s name. The page looks right. The login form works. You enter your password.

What you didn’t notice: the URL starts with http://, not https://. A single missing letter “s” means your password just traveled across the network in plaintext. An attacker sitting between you and the server read it as it passed through.

This is SSL stripping. It has been a known attack since 2009. It still works in 2026.

How SSL stripping works

SSL stripping is a man-in-the-middle attack that downgrades your HTTPS connection to plain HTTP. The attacker doesn’t need to break encryption. They simply prevent it from starting.

Here’s the sequence:

The attacker positions themselves between you and the server. This can be via an evil twin WiFi network, ARP poisoning, or any other MITM technique.
You request a website. Your browser sends an HTTP request (the initial request is almost always HTTP, not HTTPS).
The server responds with a redirect to HTTPS. This is normal — the server tells your browser to switch to the secure version.
The attacker intercepts the redirect. Instead of forwarding the HTTPS redirect to your browser, the attacker connects to the server over HTTPS themselves and sends you the content over plain HTTP.
You see the page. It works. The attacker acts as a translator: HTTPS on the server side, HTTP on your side. You see the real content. Everything functions normally. But nothing is encrypted on your end.

The attacker sees every keystroke, every cookie, every form submission. Your browser never established a secure connection, so there’s nothing to break.

The tool that started it all

Moxie Marlinspike released sslstrip at Black Hat DC in 2009. The tool is a transparent proxy that performs exactly the attack described above. It has been updated, forked, and integrated into dozens of attack frameworks since then. Modern versions handle HTTP/2, WebSocket upgrades, and even some HSTS bypasses.

Why HSTS doesn’t fully solve it

HTTP Strict Transport Security (HSTS) was designed specifically to counter SSL stripping. When a browser visits an HSTS-enabled site, it remembers to always use HTTPS for that domain. In theory, this prevents the downgrade.

In practice, HSTS has critical gaps:

First visit vulnerability: HSTS only works after the browser has visited the site at least once over HTTPS. The very first visit is still vulnerable to stripping. This is called the “bootstrap problem.”
HSTS preload is incomplete: The Chrome HSTS preload list contains roughly 200,000 domains. There are over 350 million registered domains. The vast majority of websites are not preloaded.
Subdomains are often excluded: Many HSTS configurations don’t include subdomains. An attacker can strip connections to api.bank.com even if bank.com is protected.
Cache clearing resets HSTS: Users who clear their browser cache or use private browsing mode lose HSTS entries. They’re back to being vulnerable on first visit.
HSTS bypass tools exist: Tools like sslstrip2 and dns2proxy work together to redirect traffic to slightly different hostnames (wwww.bank.com) that aren’t covered by the HSTS policy.

HSTS is a good defense for repeat visitors to major websites. It is not a complete defense against SSL stripping. The first visit, the cleared cache, the subdomain, the typo domain — all remain vulnerable.

Certificate pinning: partial solution, partial deployment

Certificate pinning tells an application to only accept specific TLS certificates. If the certificate doesn’t match, the connection is refused. This prevents SSL stripping because the attacker cannot present the correct pinned certificate.

The problem: certificate pinning is application-specific. It protects the one app that implements it. Your browser, your email client, your Slack desktop app, your SSH client — each would need its own pinning configuration. And if the pin is wrong or expires, the entire application breaks.

Google removed certificate pinning from Chrome in 2020 because the maintenance burden and breakage risk outweighed the security benefit. If Google gave up on it, most organizations won’t even start.

How ZK Proven detects SSL stripping

ZK Proven doesn’t rely on the browser to enforce HTTPS. It operates below the application layer and detects encryption downgrades through multiple independent signals.

Canary signal failure

ZK Proven’s canary signals are cryptographic challenges embedded in the connection handshake. These challenges are designed to be handled correctly only by a genuine endpoint over a properly encrypted channel. An SSL stripping proxy cannot correctly respond to canary challenges because it has terminated the real TLS session and replaced it with a plain HTTP connection.

The canary failure triggers an immediate score collapse. Not a warning. Not a notification. Score zero. Connection dead.

Protocol authenticity proof

ZK Proven’s ephemeral key proof uses CRYSTALS-Dilithium signatures that are bound to the specific TLS session parameters. If the TLS session doesn’t exist (because the connection was stripped to HTTP), the Dilithium binding fails. The proof cannot be generated, and the score cannot rise above zero.

Temporal coherence disruption

SSL stripping introduces a processing step: the attacker must receive your HTTP request, establish their own HTTPS connection to the server, fetch the response, strip the HTTPS references, and send the modified response back to you over HTTP. This processing adds latency and disrupts the temporal coherence pattern that ZK Proven monitors continuously.

Triple detection

ZK Proven catches SSL stripping through three independent mechanisms: canary signal failure, Dilithium binding failure, and temporal coherence disruption. An attacker would need to defeat all three simultaneously — which requires forging post-quantum cryptographic proofs in real time.

The real danger: you never see it

The most dangerous aspect of SSL stripping is its invisibility. There is no browser warning. There is no error page. There is no certificate mismatch popup. The page loads. It works. It looks exactly like the real thing.

The only visible indicator is the missing padlock icon and the “http://” instead of “https://” in the address bar. Studies consistently show that fewer than 5% of users notice this difference. On mobile browsers, the URL bar is often truncated or hidden entirely.

This is why passive defenses like “check the URL bar” are useless at scale. You need an active defense that detects the downgrade automatically and kills the connection before any sensitive data is transmitted.

SSL stripping is a building block

SSL stripping is rarely the entire attack. It’s typically combined with other MITM techniques:

Evil twin + SSL stripping: The attacker creates a fake WiFi network and strips TLS from all connections passing through it
ARP poisoning + SSL stripping: The attacker redirects local network traffic through their machine and strips TLS
DNS spoofing + SSL stripping: The attacker redirects DNS queries to their server and serves HTTP-only versions of legitimate sites

ZK Proven detects the composite attack because it checks multiple layers simultaneously. Even if the SSL stripping component were somehow invisible, the underlying MITM positioning (evil twin, ARP poisoning, DNS spoofing) would be caught by the network topology and canary signal proofs.

Stop SSL stripping before it starts

ZK Proven detects encryption downgrades at the protocol level, not the browser level.

Explore ZK Proven →

Start building

One crate. Three lines. Every connection proven.

Start Free — 1,000 Ops

SSL Stripping TLS Security HTTPS ZK Proven MITM Encryption

Related: H33-ZK Proven Product Page · MITM Attack Prevention · Evil Twin WiFi Protection · DNS Spoofing Protection · Session Hijacking Prevention