
A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks - LinuxBender
https://www.zdnet.com/article/a-mysterious-group-has-hijacked-tor-exit-nodes-to-perform-ssl-stripping-attacks/
======
vwat
What are they even talking about? People can just casually decrypt https now?
Isn’t the whole point of https that something like this can’t happen?

~~~
rcxdude
SSL stripping is more of a downgrade attack than a decryption. It relies on
the fact that most website URLS are still http by default and the webservers
just use an http to https redirect. If you can MITM the http request you can
prevent the redirect and just present the HTTPs content through HTTP with all
the MITM tampering you could ever want. It's the kind of attack HSTS is
designed to try to prevent, but even that requires the victim visit the
website once legitimately.

~~~
kanox
The "HTTPS Everywhere" extension should also prevent against this, right?
Since it blocks all http traffic.

I always keep it enabled and there are almost no sites that require exceptions
except on corporate intranet.

