- Fixed a bug that would make certain sites end up in a infinite redirect loop

- HSTS headers now get deleted

libs/sslstrip/ClientRequest.py

@@ -190,7 +190,7 @@ class ClientRequest(Request):
     def process(self):
         logging.debug("Resolving host: %s" % (self.getHeader('host')))
         host     = self.getHeader('host')               
-        
+
         if (self.hsts and host):
             real = self.urlMonitor.real
 

libs/sslstrip/ServerConnection.py

@@ -125,15 +125,14 @@ class ServerConnection(HTTPClient):
                 self.isCompressed = True
 
         elif (key.lower()== 'strict-transport-security'):
-            value="max-age=0"
+            logging.info("%s Zapped a strict-trasport-security header" % self.client.getClientIP())
-            logging.info("Zapped a strict-trasport-security header")
 
         elif (key.lower() == 'content-length'):
             self.contentLength = value
 
         elif (key.lower() == 'set-cookie'):
             self.client.responseHeaders.addRawHeader(key, value)
-        
+
         else:
             self.client.setHeader(key, value)
 

libs/sslstrip/URLMonitor.py

@@ -76,6 +76,10 @@ class URLMonitor:
         method      = url[0:methodIndex]
 
         pathIndex   = url.find("/", methodIndex)
+        if (pathIndex == -1):
+            pathIndex = len(url)
+            url += "/"
+
         host        = url[methodIndex:pathIndex].lower()
         path        = url[pathIndex:]