Forum Thread: Bypass Google HSTS

Bypass Google HSTS

Hello, This Is My First Post At Null-byte I Will Tell You More About What I Discoverd In Google Servers ....

google have been dealing with ISPs to provide more speed so technically there is a servers in each country that is belong to google but they also appear in whois that is belong to ISP as a document i have readed it but for some reason i can't find it

so if we make a nslookup for google.com in a country like egypt
we will have ip addresses like that one : 41.128.200.52 if we open it , it will redirect to https://google.com ..

but those servers are not totaly secured because who are responsible for these servers not really working with google but with ISPs its like a mutual benefit.

if you just traveld in directions it will not redirect to https://google.com but it will use google in HTTP !

example : http://41.128.200.52/search/about/
.
.
.
Notice : Already Reported That What They Told Me :
-----------------------------------------------------------------------------------------
"Hello,
Thanks for reporting this issue. We appreciate you taking the time to help us improve security.

We've taken a look and can confirm that this is a duplicate of an existing bug that we're already tracking. Unfortunately, this excludes the report from our reward program -- duplicate submissions don't qualify for reward or credit.

Best of luck in your future bug hunting.
Regards,
Quan, Google Security Team"
-----------------------------------------------------------------------------------------

That's All For Today .
in my next thread i will tell you how to sniff google passwords in plain text it's mostly like this tutorial :
https://null-byte.wonderhowto.com/how-to/bypass-facebooks-hsts-0169414/
.
Also Sorry For My Bad English I Am Egyptian ,
15 years old ...

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active