Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bypassing HSTS policy on the web browser #8

Open
gnh1201 opened this issue Feb 27, 2024 · 0 comments
Open

Bypassing HSTS policy on the web browser #8

gnh1201 opened this issue Feb 27, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@gnh1201
Copy link
Owner

gnh1201 commented Feb 27, 2024

HSTS only applies to software that fulfills all the specifications as a web browser. Therefore, in communications where there is no web browser involved, typical SSL MITM poses no issue.

However, if you intend to use a web browser, HSTS policies can cause inconvenience. Thus, here are some alternatives:

These alternatives are based on the assumption that we won't alter the web browser's settings. Disabling the HSTS feature by adjusting the browser settings can resolve the issue more easily than expected.

  1. Removing HSTS-related headers.
  2. Proxying with an actual web browser.

I'll add more ideas if they come up in the future.
@gnh1201 gnh1201 added the enhancement New feature or request label Feb 27, 2024
@gnh1201 gnh1201 changed the title Bypassing HSTS policy Bypassing HSTS policy on the web browser Jul 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gnh1201