HSTS exploit?

I suppose a workaround is to just DNS spoof and phish HSTS domains...no? Would be nice if there was a module to 1) detect HSTS, 2) auto DNS spoof it, 3) and on the fly mirror the portal html locally for phishing.

Or, do sites such as Gmail have non-HSTS versions of the portals that traffic could be redirected to with DNS spoofing?

Edited by comatose603

I had an idea a while ago to maybe inject the code that tells a browser that the site they're at is HSTS. Basically screwing their browser. The next time they visit that site not on the pineapple they can't ;-) Could make it worse by speeding up the process by loading many domains/sites within a series of iframes. Would this be possible?


I don't know if sslstrip removes the HSTS flag when it is running, if you've not seen any data in it then maybe not yet. Don't forget you would have to hit the page through HTTP first so that it can act as a local proxy for the HTTPS traffic.

Failing that I'm planning an extension to the proxy I wrote for the keylogger so that it will take an upstream proxy which could be sslstrip. My proxy would then strip the HSTS header so the browser never sees it.

Might be worth doing some research on how long the browser remembers the setting for, whether it is only when it sees it in the headers or if once it has seen it then it sticks for that session.

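On the retention question raised above: a browser keeps enforcing HTTPS for a host for `max-age` seconds counted from the last time it saw the header over HTTPS (RFC 6797), and it ignores the header entirely on plain HTTP, which is exactly the gap a first unprotected visit leaves. The following is an added example, not code from this thread, written from the site owner's side: a small auditor that parses a Strict-Transport-Security header and reports where a browser would still be left downgradable. The one-year threshold is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed threshold for this example: one year, the minimum the browser preload list requires.
MIN_MAX_AGE_SECONDS = 365 * 24 * 3600

@dataclass
class HstsPolicy:
    max_age: int             # seconds the browser keeps enforcing HTTPS after it last saw the header
    include_subdomains: bool
    preload: bool

def parse_hsts(value: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value (RFC 6797); None if max-age is missing or malformed."""
    max_age, include_subdomains, preload = None, False, False
    for raw in value.split(";"):
        name, _, arg = raw.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')   # directive names are case-insensitive
        if name == "max-age":
            if not re.fullmatch(r"\d+", arg):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    return None if max_age is None else HstsPolicy(max_age, include_subdomains, preload)

def audit_hsts(headers: dict, over_https: bool = True) -> list:
    """Return findings on how exposed a response leaves browsers to HTTP downgrade (empty = robust)."""
    findings = []
    value = next((v for k, v in headers.items() if k.lower() == "strict-transport-security"), None)
    if not over_https:
        findings.append("served over plain HTTP: browsers ignore the header here")
    if value is None:
        return findings + ["no HSTS header: every visit can be downgraded"]
    policy = parse_hsts(value)
    if policy is None:
        return findings + ["malformed HSTS header: browsers treat it as absent"]
    if policy.max_age == 0:
        findings.append("max-age=0: tells browsers to forget any stored policy")
    elif policy.max_age < MIN_MAX_AGE_SECONDS:
        findings.append(f"short max-age ({policy.max_age}s): enforcement lapses soon after the last HTTPS visit")
    if not policy.include_subdomains:
        findings.append("no includeSubDomains: subdomains remain downgradable")
    if not policy.preload:
        findings.append("no preload: the first visit, before the header is cached, is unprotected unless the host is on the preload list")
    return findings
```

Run it against the headers your own site returns (for example from `curl -sI https://example.invalid`) and treat any non-empty result as a configuration to fix.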
