What is SSL stripping and how to avoid it?

SSL stripping, also known as an SSL downgrade attack, is, in simple terms, high-tech, undetected eavesdropping. The aim of an SSL stripping attack is always to kill secure communication without the victim realizing it. It’s all about data collection and manipulation. SSL stripping allows attackers to downgrade your connection from secure HTTPS to insecure HTTP. This, in turn, leaves you vulnerable to spying and data manipulation.

It is somewhat similar to wiretapping, just a little more technical. Both wiretapping and SSL stripping have a ‘man-in-the-middle’: the person who does the eavesdropping. In this case, it’s the hacker, who creates a proxy server that intercepts and reroutes the traffic from a victim’s computer to their own. They can then use the intercepted information to do just about anything they want.

Users will often not realize their information is being or has been compromised, because they end up on a page that looks practically the same as the one they were searching for. That’s how SSL stripping tricks users into believing their connection is secure and their data encrypted, when the connection is actually insecure and the data is sent in plain text, because the encryption would have [...]
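
A defender-side check for the downgrade described above, as an added example that is not part of the original article: it compares the URL the user expected with the URL that was actually loaded, and flags password forms that would be submitted in plain text. The function name, the host `bank.example` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample input: a login page and the URL the user meant to visit.
EXPECTED_URL = "https://bank.example/login"
SAMPLE_PAGE = """<html><body>
<form action="/session" method="post">
  <input type="text" name="user"><input type="password" name="pw">
</form></body></html>"""


class _FormScanner(HTMLParser):
    """Collects each form's action and whether it holds a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []        # entries are [action, has_password]
        self._open = None      # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "form":
            self._open = [attr.get("action") or "", False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (attr.get("type") or "").lower() == "password":
                self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def stripping_indicators(expected_url, loaded_url, html):
    """Return findings suggesting the HTTPS page arrived downgraded to HTTP."""
    findings = []
    exp, got = urlsplit(expected_url), urlsplit(loaded_url)
    # Same host, but the scheme the browser ended up on is plain HTTP.
    if exp.scheme == "https" and got.scheme == "http" and exp.hostname == got.hostname:
        findings.append("page loaded over http instead of https")
    scanner = _FormScanner()
    scanner.feed(html)
    for action, has_password in scanner.forms:
        target = urljoin(loaded_url, action)   # resolve relative actions
        if has_password and urlsplit(target).scheme == "http":
            findings.append("password form submits in plain text to " + target)
    return findings
```

The page markup is identical in both cases, which is why the victim sees nothing unusual; only the scheme of the loaded URL and of the resolved form target gives the downgrade away.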