Servers and browsers have no way of detecting an SSL strip. Both applications assume that they are communicating with the real contacted partner, which is why they do not doubt the integrity of the transmitted data. The situation is quite similar for users, because at first glance, visiting the website seems to go as normal. SSL stripping can only be seen in a few exceptional cases, through technical or design details. Unless a strikingly faulty layout is presented, or considerable delays occur when loading the page, there are very few signs that SSL encryption is missing.
However, for quite a while now browser address lines have been providing hints in different ways: In order to identify websites with secure connections, the address bar was completely green in older versions of Microsoft Internet Explorer. Other browsers just highlighted the company’s previous name, until this type of identification – commonplace with the first web-enabled mobile devices – was replaced by today’s common symbols, such as the typical security lock. However, these visual hints do not always guarantee that the site being visited has not been compromised by tools like sslstrip. Since an attacker controls the whole data transfer, he is able to deliver a similar symbol to the favicon to perfect his deception.