About overl0ad3r

  1. I'm doing some pentests on an HTTPS (443) server that DOES NOT have HSTS implemented (no HSTS headers on the response and the address is not on the Chrome HSTS preloaded list). The problem is that in my scenario the user has visited the website before, so it has the first HTTP (80) request response cached in the browser. So when the user types in "targetaddress.com" the browser automatically gets the cached redirect (301 - HTTP to HTTPS), also making the first sslstrip useless. My workaround for this was to block 443 requests so the user, not being able to connect to the target, goes and manually c