Security Analysis and Mitigation of SSL Stripping, Homograph Redirection, and Keylogging Attacks: A Case Study on Thai Web Platforms

Authors

  • Khathawut Chanbuala, Information Security & Advanced Network (ISAN) Research Group, Mahasarakham University, Mahasarakham 44150, Thailand
  • Darunee Puangpronpitag, Information Security & Advanced Network (ISAN) Research Group, Mahasarakham University, Mahasarakham 44150, Thailand
  • Egachai Puangpronpitag, Department of Special Investigation (DSI), Ministry of Justice, Bangkok 10210, Thailand
  • Somnuk Puangpronpitag, Information Security & Advanced Network (ISAN) Research Group, Mahasarakham University, Mahasarakham 44150, Thailand

DOI:

https://doi.org/10.59796/jcst.V15N4.2025.146

Keywords:

SSL Stripping, keylogging, homograph attack, HSTS implementation, time-based salted-hash password

Abstract

The cybersecurity of critical Thai digital infrastructure is a pressing concern for national security. This research, conducted in collaboration with Thailand's Department of Special Investigation (DSI), presents a comprehensive security assessment of 27 specifically selected websites across financial, commercial, and educational sectors. Our investigation focuses on three critical attacks: SSL stripping, homograph redirection attacks, and keylogger injection. The findings reveal that 96.3% (26/27) of the examined websites are vulnerable to SSL stripping attacks due to inadequate HTTP Strict Transport Security (HSTS) implementation. Notably, even the sole website with proper HSTS Preload configuration demonstrated susceptibility to homograph attacks. Furthermore, all examined websites were susceptible to keylogger injection after successful Man-in-the-Middle (MITM) attacks, even when password hashing was used. To counter these threats, we propose an enhanced security framework integrating a Time-based Salted Hash Password (TSHP) mechanism and an On-Screen Keyboard (OSK) for login interfaces. Experimental evaluation shows that TSHP improves resistance to brute-force and replay attacks by generating dynamic, time-variant hashes, while OSK input prevented 100% of JavaScript keylogger captures when used exclusively. These countermeasures offer practical, low-cost solutions to strengthen Thailand’s digital services, enabling immediate deployment without infrastructure overhaul. Our findings provide actionable recommendations for policymakers and system administrators to enhance the cybersecurity posture of Thai web platforms, with broader implications for securing digital economies globally.
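As an added illustration of what auditing an HSTS deployment involves (this is not code from the paper), the sketch below parses a Strict-Transport-Security header value following the RFC 6797 syntax and grades it. The grade names, the sample headers, and the use of the hstspreload.org submission thresholds as the "preload-eligible" bar are assumptions; the paper's own grading criteria are not given on this page.

```python
import re

ONE_YEAR = 31536000  # minimum max-age required for preload submission (hstspreload.org)

def parse_hsts(value):
    """Return a dict of directives, or None if the header is invalid per RFC 6797."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives between semicolons are permitted
        name, _, val = part.partition("=")
        name = name.strip().lower()   # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1]           # the value may be a quoted-string
        if name in directives:
            return None               # a repeated directive invalidates the header
        directives[name] = val
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                   # max-age is required and must be an integer
    return directives

def grade_hsts(header):
    """Grade one header value (None means the response carried no HSTS header)."""
    if header is None:
        return "missing"              # nothing stops a downgrade to plain HTTP
    d = parse_hsts(header)
    if d is None:
        return "invalid"              # browsers ignore it, so same exposure as missing
    max_age = int(d["max-age"])
    if max_age == 0:
        return "disabled"             # max-age=0 tells the browser to forget the policy
    if max_age >= ONE_YEAR and "includesubdomains" in d and "preload" in d:
        # The header qualifies; the domain must still be in the browser's preload list.
        return "preload-eligible"
    return "first-visit-exposed"      # policy only protects after one clean HTTPS visit

# Constructed sample values, not measurements from the study.
SAMPLES = [
    None,
    "max-age=0",
    "max-age=300",
    "max-age=31536000; includeSubDomains",
    "max-age=63072000; includeSubDomains; preload",
    "includeSubDomains",
    "max-age=31536000; max-age=0",
    'Max-Age="31536000"; INCLUDESUBDOMAINS; Preload',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", grade_hsts(sample))
```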


Published

2025-09-20

How to Cite

Chanbuala, K., Puangpronpitag, D., Puangpronpitag, E., & Puangpronpitag, S. (2025). Security Analysis and Mitigation of SSL Stripping, Homograph Redirection, and Keylogging Attacks: A Case Study on Thai Web Platforms. Journal of Current Science and Technology, 15(4), 146. https://doi.org/10.59796/jcst.V15N4.2025.146