- Fixed a bug that would make certain sites end up in a infinite redirect loop

- HSTS headers now get deleted
2025-07-08 05:51:48 -07:00 · 2015-03-13 18:37:16 +01:00 · 2015-03-13 18:37:16 +01:00 · 10468bfa5e
commit 10468bfa5e
parent cb09a12164
3 changed files with 7 additions and 4 deletions
--- a/libs/sslstrip/ClientRequest.py
+++ b/libs/sslstrip/ClientRequest.py
@ -190,7 +190,7 @@ class ClientRequest(Request):
    def process(self):
        logging.debug("Resolving host: %s" % (self.getHeader('host')))
        host     = self.getHeader('host')               
-        
+
        if (self.hsts and host):
            real = self.urlMonitor.real

--- a/libs/sslstrip/ServerConnection.py
+++ b/libs/sslstrip/ServerConnection.py
@ -125,15 +125,14 @@ class ServerConnection(HTTPClient):
                self.isCompressed = True

        elif (key.lower()== 'strict-transport-security'):
-            value="max-age=0"
-            logging.info("Zapped a strict-trasport-security header")
+            logging.info("%s Zapped a strict-trasport-security header" % self.client.getClientIP())

        elif (key.lower() == 'content-length'):
            self.contentLength = value

        elif (key.lower() == 'set-cookie'):
            self.client.responseHeaders.addRawHeader(key, value)
-        
+
        else:
            self.client.setHeader(key, value)

--- a/libs/sslstrip/URLMonitor.py
+++ b/libs/sslstrip/URLMonitor.py
@ -76,6 +76,10 @@ class URLMonitor:
        method      = url[0:methodIndex]

        pathIndex   = url.find("/", methodIndex)
+        if (pathIndex == -1):
+            pathIndex = len(url)
+            url += "/"
+
        host        = url[methodIndex:pathIndex].lower()
        path        = url[pathIndex:]