Abstract: Many Android applications have a legitimate need to communicate over the Internet, so potentially sensitive data must be protected during transmission. Because smartphones operate in a mobile network environment, they are easier targets for Man-in-the-Middle (MITM) attacks. This paper installs the SSLStrip application for Android, downloaded from GitHub, studies its attack process and basic principle, and then proposes a strategy to defend against SSLStrip attacks. The authors extend the functionality of the DHCP server, and an Android application based on Tcpdump is to be developed. This application receives and analyzes DHCP messages from the DHCP server, obtains the gateway's MAC address from the DHCP message, and records it as a static entry in the ARP cache. In this way, SSLStrip MITM attacks can be prevented thoroughly in a mobile network environment.
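The client-side step described in the abstract, sketched as an added example that is not the authors' code: it parses a DHCP reply, reads the gateway MAC from an extended option, and builds the command that pins it as a static ARP entry. The option code 224 (taken from the DHCP private-use range), its 6-byte layout, the interface name `wlan0` and all function names are assumptions, since the abstract does not say how the extended server carries the MAC.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
OPT_PAD, OPT_ROUTER, OPT_MSG_TYPE, OPT_END = 0, 3, 53, 255
OPT_GW_MAC = 224                     # ASSUMPTION: private-use code picked for this example
DHCPACK = 5


def parse_options(payload: bytes) -> dict:
    """Return {option code: value bytes} for a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:    # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated DHCP option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated DHCP option")
        opts[code] = value
        i += 2 + length
    return opts


def gateway_binding(payload: bytes):
    """Return (gateway_ip, gateway_mac) from a DHCPACK, or None if unusable."""
    opts = parse_options(payload)
    if payload[0] != 2 or opts.get(OPT_MSG_TYPE) != bytes([DHCPACK]):
        return None                  # only server replies that are ACKs
    router, mac = opts.get(OPT_ROUTER, b""), opts.get(OPT_GW_MAC, b"")
    if len(router) < 4 or len(mac) != 6 or mac[0] & 1 or not any(mac):
        return None                  # missing, malformed, multicast or all-zero
    return str(ipaddress.IPv4Address(router[:4])), mac.hex(":")


def static_arp_command(ip: str, mac: str, iface: str = "wlan0") -> list:
    """iproute2 command that pins the gateway as a permanent neighbour entry."""
    return ["ip", "neigh", "replace", ip, "lladdr", mac, "dev", iface, "nud", "permanent"]


def sample_ack(mac: bytes = bytes.fromhex("02005e102030")) -> bytes:
    """Constructed DHCPACK: BOOTREPLY header, router 192.168.1.1, gateway MAC."""
    header = bytes([2, 1, 6, 0]) + bytes(232)
    options = bytes([53, 1, DHCPACK, 3, 4, 192, 168, 1, 1, OPT_GW_MAC, 6]) + mac
    return header + MAGIC_COOKIE + options + bytes([OPT_END])
```

Applying the command requires root on the device, and the pinned entry is only as trustworthy as the DHCP reply that carried it.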