now stripping hsts requests from headers

2025-07-15 01:23:54 -07:00 · 2014-07-18 13:21:48 +02:00 · 2014-07-18 13:21:48 +02:00 · 87971d9586
commit 87971d9586
parent 8c4d55b01b
2 changed files with 2 additions and 3 deletions
--- a/plugins/JavaPwn.py
+++ b/plugins/JavaPwn.py
@ -1,6 +1,3 @@
-#
-# Work in progress
-#
 from plugins.plugin import Plugin
 from plugins.BrowserProfiler import BrowserProfiler
 from time import sleep
--- a/sslstrip/ClientRequest.py
+++ b/sslstrip/ClientRequest.py
@ -55,9 +55,11 @@ class ClientRequest(Request):

        if 'accept-encoding' in headers:
             headers['accept-encoding'] == 'identity'
+             logging.debug("zapped encoding")

        if 'Strict-Transport-Security' in headers: #kill new hsts requests
            del headers['Strict-Transport-Security']
+            logging.debug("zapped a HSTS request")
        
        if 'if-modified-since' in headers:
            del headers['if-modified-since']