What do you think would happen if someone accesses a site that has the HSTS mechanism enabled, for the first time? Would SSL Stripping still be possible?
Does the thread HSTS bypass with SSLstrip2 + DNS2proxy answer your question (in particular "If the client is requesting for the first time the server, it will work anytime")? – WhiteWinterWolf Jan 18 '16 at 10:25
1 Answer
0
Some browsers include a mechanism named "HSTS preload", which consists of a list of sites which use HSTS, to avoid this "first-access" attack.
Google made a website which can be used to request the insertion of your website in those lists.
Benoit Esnard
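The first-access gap and the effect of a preload list, as an added example that is not part of the original answer: a simplified model of a browser's HSTS state following RFC 6797 (trust on first use, `max-age` expiry, `includeSubDomains`). The class, function names, hostnames and list contents are hypothetical and constructed for illustration.

```python
# Constructed sample data: these hostnames are illustrative, not real list entries.
PRELOAD_LIST = {"preloaded.example": True}  # host -> includeSubDomains flag

class HstsStore:
    """Simplified browser HSTS state: shipped preload list plus learned policies."""

    def __init__(self, preload):
        self.preload = dict(preload)
        self.dynamic = {}  # host -> (expiry timestamp, include_subdomains)

    def note_header(self, host, header, over_https, now):
        """Record a Strict-Transport-Security header seen in a response."""
        if not over_https:
            return  # RFC 6797: the header is ignored on plain HTTP
        directives = [d.strip().lower() for d in header.split(";") if d.strip()]
        ages = [d.split("=", 1)[1].strip('"') for d in directives if d.startswith("max-age=")]
        if not ages or not ages[0].isdigit():
            return  # no valid max-age: the header is ignored
        if int(ages[0]) == 0:
            self.dynamic.pop(host.lower(), None)  # max-age=0 deletes the policy
        else:
            self.dynamic[host.lower()] = (now + int(ages[0]), "includesubdomains" in directives)

    def must_use_https(self, host, now):
        """True if http://host is upgraded to HTTPS before any packet is sent."""
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            name, exact = ".".join(labels[i:]), i == 0
            if name in self.preload and (exact or self.preload[name]):
                return True
            expiry, subs = self.dynamic.get(name, (0, False))
            if expiry > now and (exact or subs):
                return True
        return False

def first_visit_demo(now=1_000_000):
    store = HstsStore(PRELOAD_LIST)
    out = {"first_visit": store.must_use_https("shop.example", now)}
    # A header delivered over plain HTTP is not stored, so nothing changes.
    store.note_header("shop.example", "max-age=31536000", False, now)
    out["after_http_header"] = store.must_use_https("shop.example", now)
    store.note_header("shop.example", "max-age=31536000; includeSubDomains", True, now)
    out["after_https_header"] = store.must_use_https("www.shop.example", now + 60)
    out["after_expiry"] = store.must_use_https("shop.example", now + 31536001)
    out["preloaded_first_visit"] = store.must_use_https("www.preloaded.example", now)
    return out

if __name__ == "__main__":
    print(first_visit_demo())
```

Only the preloaded host is protected on its very first request; the other host is upgraded only after one successful HTTPS response has delivered the header, and loses protection again once `max-age` has elapsed.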