All my web pages have SSL enabled. You still think I might be vulnerable to these attacks?

A common misconception is that SSL is the answer to most attacks.

SSL ensures that the server is who it claims to be, and that the traffic cannot be eavesdropped on by anybody else. It achieves this by using a digital certificate to prove the authenticity of the server, and encryption to secure the traffic.

However, SSL cannot prevent an adversary from intercepting his own communication with the server using freely available web proxy editor tools (e.g. WebScarab, Burp Proxy, etc.). These tools intercept the SSL communication on the adversary’s own machine and present the data to him as editable plaintext, which can be used to launch several popular attacks.
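Because the request can be edited before it is encrypted, the server has to check any value it handed to the client for itself. The sketch below is an added example, not part of the original FAQ: it shows one way to detect a changed server-issued form field with an HMAC. The field name, session IDs and helper names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption for this example: a secret that is generated and kept on the server only.
SERVER_KEY = secrets.token_bytes(32)


def _tag(name: str, value: str, session_id: str) -> str:
    # Bind the tag to the session and field name so it cannot be replayed elsewhere.
    msg = "\x00".join((session_id, name, value)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_field(name: str, value: str, session_id: str) -> str:
    """Value the server embeds in a form (e.g. a hidden field) as 'value|tag'."""
    return f"{value}|{_tag(name, value, session_id)}"


def verify_field(name: str, submitted: str, session_id: str):
    """Return the original value if it came back unmodified, otherwise None."""
    value, sep, tag = submitted.rpartition("|")
    if not sep:
        return None  # no tag at all: the client sent a bare value
    expected = _tag(name, value, session_id)
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return value
    return None


if __name__ == "__main__":
    # Constructed sample: the server issues a price, the form comes back over SSL.
    issued = issue_field("price", "49.99", "sess-A")
    print("unmodified:", verify_field("price", issued, "sess-A"))

    # The same field after the value was changed on the client side.
    # The SSL session is still valid; only the server-side check notices.
    edited = "0.01|" + issued.split("|")[1]
    print("edited:    ", verify_field("price", edited, "sess-A"))
```

Where the server can look the value up itself (a price from its own catalogue, for instance), doing that is simpler than round-tripping it through the client at all.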

