added HSTS bypass as demonstrated by Leonardo Nve at blackhat

2025-07-12 16:13:59 -07:00 · 2014-10-11 13:09:06 +02:00 · 2014-10-11 13:09:06 +02:00 · 82739bba9f
commit 82739bba9f
parent 5be41cfd37
11 changed files with 765 additions and 18 deletions
--- a/sslstrip/ServerConnection.py
+++ b/sslstrip/ServerConnection.py
@ -23,6 +23,7 @@ from twisted.web.http import HTTPClient
 from ResponseTampererFactory import ResponseTampererFactory
 from URLMonitor import URLMonitor
 from ProxyPlugins import ProxyPlugins
+
 class ServerConnection(HTTPClient):

    ''' The server connection is where we do the bulk of the stripping.  Everything that
@ -105,6 +106,7 @@ class ServerConnection(HTTPClient):
            self.client.responseHeaders.addRawHeader(key, value)
        else:
            self.client.setHeader(key, value)
+
        self.plugins.hook()

    def handleEndHeaders(self):