Stop HTTPS Attacks: Protect Your Connection

TL;DR

Attacks on HTTPS, such as man-in-the-middle interception, let someone secretly watch your internet traffic even on websites that appear secure. This guide shows you how to check whether a website is safe and which tools can help protect you.

Checking Website Security

  1. Look for the padlock: In your web browser’s address bar, there should be a small padlock icon. If it’s not there, or it looks broken/different, don’t enter sensitive information on that site.
  2. Check the certificate details: Click the padlock icon and look at ‘Connection is secure’. You can usually view the certificate details here. Make sure:
    • The certificate is valid (not expired).
    • The certificate is issued to the correct website domain.
    • The issuing Certificate Authority (CA) is trusted. Your browser has a list of trusted CAs.
  3. Beware of warnings: Pay attention to any security warnings your browser displays. These often indicate problems with the certificate or website security.
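
The certificate checks from step 2, written out as an added example that is not part of the original guide: it takes the certificate in the form Python's `ssl` module returns and reports whether it is outside its validity period or issued to a different domain. The function names and the sample certificate are constructed for illustration; trust in the issuing CA is checked by the TLS library itself during the handshake, as in `fetch_cert`.

```python
import socket
import ssl
import time

def hostname_matches(pattern, host):
    """Compare one DNS name from the certificate with the host being visited."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        # "*" stands for exactly one leftmost label: "*.example.com" covers
        # "www.example.com" but not "example.com" or "a.b.example.com".
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def check_cert(cert, host, now=None):
    """Return the problems found in a getpeercert()-style dict ([] means none)."""
    now = time.time() if now is None else now
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(hostname_matches(name, host) for name in names):
        problems.append("issued to %s, not %s" % (", ".join(names) or "no DNS name", host))
    return problems

def fetch_cert(host, port=443):
    """Live variant (needs network); the default context rejects untrusted CAs."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificate (not taken from a real site).
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Apr  1 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}

if __name__ == "__main__":
    during = ssl.cert_time_to_seconds("Feb  1 00:00:00 2024 GMT")
    after = ssl.cert_time_to_seconds("May  1 00:00:00 2024 GMT")
    print(check_cert(SAMPLE_CERT, "www.example.com", during))
    print(check_cert(SAMPLE_CERT, "example.com", after))
    print(check_cert(SAMPLE_CERT, "example.com.login.test", during))
```

A look-alike host such as `example.com.login.test` fails the domain check even though it starts with the real name, which is the case the "issued to the correct website domain" bullet guards against.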

Tools and Techniques for Protection

  1. Keep Your Browser Updated: Web browsers regularly release updates that include important security fixes. Make sure you’re using the latest version.
    • Chrome: Settings > About Chrome
    • Firefox: Menu > Help > About Firefox
    • Edge: Settings > About Microsoft Edge
  2. Use a Reputable Antivirus/Internet Security Suite: Many security suites include features to detect and block malicious websites and attacks.
  3. HTTPS Everywhere (Browser Extension): This extension automatically switches connections to HTTPS where available, even if you type in http://.
  4. Public Wi-Fi Caution: Avoid using public, unsecured Wi-Fi networks for sensitive transactions (banking, shopping). If you must use them:
    • Use a Virtual Private Network (VPN) to encrypt your connection.
    • Look for HTTPS on all websites.
  5. Certificate Pinning (Advanced): This technique involves hardcoding the expected certificate of a website into your application or browser. It prevents attackers from using rogue certificates, even if they’ve compromised a CA.

    This is more complex and usually done by developers.

Detecting Man-in-the-Middle Attacks

  1. Wireshark (Network Analysis): A powerful tool for capturing and analyzing network traffic. You can use it to inspect HTTPS connections, but because the traffic is encrypted you’ll need the decryption keys to read its contents.
    sudo apt install wireshark

    Be careful when using Wireshark, as its captures can expose sensitive data.

  2. SSLScan (Security Scanner): Checks a website’s SSL/TLS configuration for vulnerabilities.
    sslscan example.com
  3. Burp Suite (Web Security Proxy): A comprehensive web security testing tool that can intercept and analyze HTTPS traffic.

What to do if you suspect an attack

  1. Stop what you’re doing: Immediately stop any transactions or data entry on the website.
  2. Change your passwords: Change passwords for all accounts that may have been compromised, especially banking and email.
  3. Contact your bank/financial institution: Report the incident to your bank or financial institution if you suspect fraudulent activity.
  4. Run a full system scan: Use your antivirus software to perform a full system scan for malware.