not working nowadays #2

Open
roccomuso opened this issue Dec 6, 2016 · 6 comments

Comments

@roccomuso

screenshot from 2016-12-06 21-08-04

@DinisCruz
Contributor

What was the set-up you had (what browser did you use?)

Also, it looks like you tried to open an https page and the proxy is currently only proxying http requests

@roccomuso
Author

Yeah, but the ssl strip is meant to "strip" the pages with HTTPS, right? That's supposed to be its main goal.

@DinisCruz
Contributor

DinisCruz commented Dec 13, 2016

Yes, and that is done with this line https://github.com/o2platform/node-ssl-strip/blob/master/poc/google.coffee#L21 on http traffic


Note that there is a white list of domains to apply modifications to


If you run the poc (i.e. ./node_modules/.bin/coffee poc/google.coffee) you are only intercepting google.co.uk and google.com

@roccomuso
Author

Alright, but what about HSTS?

@DinisCruz
Contributor

Well, HSTS will prevent this from happening.

When you have HSTS you can't really man-in-the-middle like this (which is the point of HSTS :) )

@roccomuso
Author

That's why it's not working with google.com either.
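
The HSTS point made in the comments above can be checked from the defender's side. The following is an added example, not code from node-ssl-strip or from either commenter: it parses a Strict-Transport-Security header value as described in RFC 6797 and reports the gaps that still leave plain-HTTP requests possible. The function names, the one-year threshold and the sample header values are assumptions of this example.

```javascript
// Added example: audit a Strict-Transport-Security header value (RFC 6797, section 6.1).
const MIN_MAX_AGE = 31536000; // one year in seconds; threshold chosen for this example

function parseHsts(value) {
  const seen = new Map();
  for (const part of String(value).split(';')) {
    const item = part.trim();
    if (item === '') continue;                       // empty directives are permitted
    const eq = item.indexOf('=');
    const name = (eq === -1 ? item : item.slice(0, eq)).trim().toLowerCase();
    let val = eq === -1 ? null : item.slice(eq + 1).trim();
    if (val !== null && /^".*"$/.test(val)) val = val.slice(1, -1); // quoted-string form
    if (seen.has(name)) return null;                 // a repeated directive invalidates the header
    seen.set(name, val);
  }
  const maxAge = seen.get('max-age');
  if (typeof maxAge !== 'string' || !/^\d+$/.test(maxAge)) return null; // max-age is required
  return {
    maxAge: Number(maxAge),
    includeSubDomains: seen.has('includesubdomains'),
    preload: seen.has('preload'),                    // not in RFC 6797; used by browser preload lists
  };
}

function assessHsts(value) {
  const policy = parseHsts(value);
  if (policy === null) return 'invalid: browser ignores the header';
  if (policy.maxAge === 0) return 'disabled: max-age=0 removes the host from the HSTS cache';
  const gaps = [];
  if (policy.maxAge < MIN_MAX_AGE) gaps.push('max-age under one year');
  if (!policy.includeSubDomains) gaps.push('subdomains not covered');
  // Without preloading, the very first plain-HTTP visit happens before any policy is cached.
  if (!policy.preload) gaps.push('first visit not covered (no preload directive)');
  return gaps.length === 0 ? 'strong' : 'weak: ' + gaps.join('; ');
}

// Constructed sample header values, not captured from any real site.
const samples = [
  'max-age=31536000; includeSubDomains; preload',
  'MAX-AGE="86400"',
  'max-age=300; max-age=600',
  'includeSubDomains',
  'max-age=0',
];
for (const s of samples) console.log(JSON.stringify(s), '->', assessHsts(s));
```

A "strong" result only describes the header itself; whether a host is actually on a browser's preload list has to be checked separately.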
