-
Bypass HSTS is based on hostnames. If a target already visited www.supersite.example, you can try to redirect the target to a similar domain which the browser never visited before and thus doesn’t has HSTS activated. Rewrite the Host HTTP header for your server you want to impersonate and add another character, e.g. wwww.supersite.example. You prepared…
-
SSLstrip works as proxy which replaces HTTPS references in HTTP, HTML, JS,.… responses with HTTP versions. Installation: SSLstrip is old. Create a venv and install an older version of twisted: venv/bin/pip install Twisted==18.9.0 Remove HTTPS references via MitM Scenario: You want that $target routes all HTTP traffic through your own system. Your system should remove each…