MITM in 2026: how attackers decrypt your HTTPS traffic on cafe WiFi
Most people think the padlock icon means their traffic is safe on public WiFi. In 2026, a $40 router and 15 lines of Python defeat that assumption — at least for the 18% of sites that don't enforce HSTS. Here's exactly how SSL stripping still works and the one browser setting that closes the gap.
Subscribe to BreachBytes for daily cybersecurity breakdowns.
#cybersecurity #https #mitm #infosec #wifi #ssl #publicwifi
00:00 The Moxie Marlinspike SSLstrip demo (still relevant 16 years later)
01:00 How HTTPS actually defends you
02:00 The HTTP redirect gap
03:00 What HSTS does (and the 18% of sites that lack it)
04:00 Live demo: SSLstrip in 2026 on an unprotected SaaS login
05:00 The one browser setting that closes the gap
06:00 Why a VPN partially helps and fully doesn't
06:50 Recap + the public-WiFi protocol that protects you
This video reports on publicly disclosed cybersecurity attack patterns for educational and journalistic purposes. No exploit code, working proof-of-concept, or operational guidance is provided. Sources are linked above where applicable.