Web servers provide new features for legitimate users, but also provide numerous avenues of attack for malicious actors. An attacker that has been able to compromise a system on a network can extract passwords stored in Internet Explorer or Firefox. A savvy defender can use a master password on Firefox to mitigate these kinds of attacks. An attacker that can only find their way on to the local network can use Ettercap to launch man in the middle attacks. If a web server automatically redirects unsecure HTTP traffic to a secure HTTPS site, then an attacker can use sslstrip to intercept the traffic before it is encrypted, allowing them to attack the connection without the browser warning of an improperly configured certificate chain.