Forum Thread: How to Bypass HSTS with BurpSuite

How to Bypass HSTS with BurpSuite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect secure HTTPS websites against downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections,1 and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797.

How to bypass HSTS with BurpSuite:

2 Responses

I cant see that HSTS is bypassed here :/

Share Your Thoughts

  • Hot
  • Active