Do browsers know domains that are supposed to be encrypted?

The short answer: they know a very limited number.

HTTP Strict Transport Security was introduced to provide better guarantees that a website is being served over HTTPS when specified by the operator.

This works well for websites you have visited recently as your browser will remember their HSTS policy and refuse a plaintext connection.

For example, if you visit your (previously visited from home) bank's website from an untrusted network that happens to have a man in the middle attempting to downgrade the connection to plain HTTP, your browser will refuse to connect because it remembers the website's security policy.

If you have not visited the site previously, the man in the middle needs to not only downgrade the connection security, but also remove the HSTS header (Strict-Transport-Security) from the response. This isn't difficult.

The problem you have identified is the major limitation: what happens if you are the victim of a downgrade attack during the first visit.

One solution browsers have implemented is to package a "pre-loaded HSTS list" of popular websites known to require HTTPS. Obviously this cannot be comprehensive and even with the list, attackers can still set up security downgrade proxies at slightly related DNS names.

You can submit a domain for inclusion in the HSTS Preload List at hstspreload.org.


Security researcher Moxie Marlinspike demonstrated this type of attack in 2009, using a tool that he created called 'sslstrip'. See https://www.youtube.com/watch?v=ibF36Yyeehw (beginning at about 8:34).

To prevent this type of attack, we now have HTTP Strict Transport Security (HSTS). Sites can include an HSTS header in their response, to inform browsers to always connect to the site by HTTPS in the future. Upon receiving the HSTS response header from the site, the browser adds the site to an 'HTTPS-only' list that it maintains, so that going forward, the browser will only connect to that site by HTTPS. So, with a site that has implemented HSTS, an sslstrip attack may succeed on the first connection to the site, but HSTS prevents an sslstrip attack on subsequent connections.

To prevent an sslstrip attack on the first connection to the site, the site operator can include the site on an HSTS preload list. HSTS preload lists are shipped with some browsers (e.g. Chrome), so that the browser knows to connect to these sites by HTTPS-only, even before connecting for the first time.
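The sequence both answers above describe (header stripped on the first visit, the cached policy refusing plaintext on later visits, the preload list covering the first visit but not a look-alike name) as an added simulation. This is not code from either answer or from any browser; it models a browser's HSTS store and an sslstrip-style attacker as plain JavaScript objects, and the hostnames, the clock and the toy "network" are assumptions made up for the example.

```javascript
// Added example: a toy model of a browser's HSTS store and an sslstrip-style
// attacker. Not code from the original answers; hostnames and the "network"
// are constructed for illustration.

// Parse a Strict-Transport-Security header value. Returns null when the
// header is absent or has no valid max-age (the policy is then ignored).
function parseHsts(headerValue) {
  if (typeof headerValue !== 'string') return null;
  let maxAge = null;
  let includeSubDomains = false;
  for (const raw of headerValue.split(';')) {
    const directive = raw.trim();
    if (!directive) continue;
    const eq = directive.indexOf('=');
    const name = (eq === -1 ? directive : directive.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? '' : directive.slice(eq + 1).trim().replace(/^"|"$/g, '');
    if (name === 'max-age') {
      const n = Number(value);
      if (value === '' || !Number.isInteger(n) || n < 0) return null;
      maxAge = n;
    } else if (name === 'includesubdomains') {
      includeSubDomains = true;
    }
    // Unknown directives are ignored, as the RFC requires.
  }
  return maxAge === null ? null : { maxAge, includeSubDomains };
}

// The browser's "known HSTS hosts" list: learned entries plus a preload set.
class HstsStore {
  constructor(preload = [], now = () => Date.now()) {
    this.now = now;
    this.entries = new Map(); // host -> { expires, includeSubDomains }
    for (const host of preload) {
      this.entries.set(host, { expires: Infinity, includeSubDomains: true });
    }
  }

  // Browsers only honour the header on responses received over HTTPS;
  // an attacker who keeps you on plain HTTP can therefore simply drop it.
  observeResponse(host, overHttps, headers) {
    if (!overHttps) return;
    const policy = parseHsts(headers['strict-transport-security']);
    if (!policy) return;
    if (policy.maxAge === 0) { this.entries.delete(host); return; } // explicit removal
    this.entries.set(host, {
      expires: this.now() + policy.maxAge * 1000,
      includeSubDomains: policy.includeSubDomains,
    });
  }

  // Is host covered, either directly or via a parent with includeSubDomains?
  isKnown(host) {
    const labels = host.split('.');
    for (let i = 0; i < labels.length; i++) {
      const candidate = labels.slice(i).join('.');
      const entry = this.entries.get(candidate);
      if (!entry) continue;
      if (entry.expires <= this.now()) { this.entries.delete(candidate); continue; }
      if (i === 0 || entry.includeSubDomains) return true;
    }
    return false;
  }
}

// What the genuine site sends over HTTPS (constructed for the example).
const ORIGIN_HEADERS = { 'strict-transport-security': 'max-age=31536000; includeSubDomains' };

// One visit to a bare hostname (so the default scheme is http). Returns the
// scheme the browser ends up using for the page.
function visit(store, host, { mitm }) {
  if (store.isKnown(host)) {
    // Policy cached: the browser rewrites to https before any packet leaves,
    // so an sslstrip proxy never sees a plaintext request to tamper with.
    store.observeResponse(host, true, ORIGIN_HEADERS);
    return 'https';
  }
  if (mitm) {
    // sslstrip: serve the victim plain HTTP, talk HTTPS to the origin, and
    // strip Strict-Transport-Security (plus https:// links) from the reply.
    store.observeResponse(host, false, {});
    return 'http';
  }
  // Honest network: http -> https redirect, then the header is learned.
  store.observeResponse(host, true, ORIGIN_HEADERS);
  return 'https';
}

// The four situations discussed in the answers.
function scenarios() {
  const fresh = new HstsStore();
  const firstVisitAttacked = visit(fresh, 'bank.example', { mitm: true });

  const visitedAtHome = new HstsStore();
  visit(visitedAtHome, 'bank.example', { mitm: false }); // learns the policy
  const laterAttacked = visit(visitedAtHome, 'bank.example', { mitm: true });

  const preloaded = new HstsStore(['bank.example']);
  const preloadedFirstVisit = visit(preloaded, 'bank.example', { mitm: true });
  // A "slightly related" name is not on the list, so it is still stripped.
  const lookalike = visit(preloaded, 'bank-example.test', { mitm: true });

  return { firstVisitAttacked, laterAttacked, preloadedFirstVisit, lookalike };
}

console.log(scenarios());
```

Running it prints `{ firstVisitAttacked: 'http', laterAttacked: 'https', preloadedFirstVisit: 'https', lookalike: 'http' }`, which is the whole argument in one line: a cached or preloaded policy removes the plaintext request the attacker needs, and nothing protects a name the browser has never heard of. The store also drops entries once `max-age` has elapsed, which is why the header should be sent on every HTTPS response rather than once.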