overl0ad3r

Posts posted by overl0ad3r

  1. I'm doing some pentests on an HTTPS (443) server that DOES NOT have HSTS implemented (no HSTS headers on the response, and the address is not on the Chrome HSTS preload list).

    The problem is that in my scenario the user has visited the website before, so the browser has the response to the first HTTP (80) request cached.

    So when the user types in "targetaddress.com", the browser automatically uses the cached redirect (301, HTTP to HTTPS), which also makes the first sslstrip useless.

    My workaround for this was to block 443 requests so that the user, not being able to connect to the target, goes and manually clears the browser cache/history in an attempt to restore the connection. Then sslstrip will be effective, as it will now intercept/tamper with the HTTP request's (301 redirect) response.

    Are there any other, better ways to do this, other than blocking port 443 and without using sslstrip2/dns2proxy?
