SSL Strip Vulnerability

Overview

This attack was first presented in 2009 by Moxie Marlinspike, then a security researcher. It is a type of MITM (Man In The Middle) attack that downgrades a website using HTTPS (HyperText Transfer Protocol over Secure Socket Layer), a connection protected with public-key encryption, to plain HTTP communication. The interesting thing about this vulnerability is that the user is shown no SSL certificate error even while under attack, so there is no clue that an SSL Strip attack is taking place.

How does it happen?

First, the attacker poisons the ARP table through ARP spoofing, or lures the user into joining the attacker's wireless network.
