Reply to post: this is so old...

Hacked in a public space? Thanks, HTTPS

Anonymous Coward
Anonymous Coward

this is so old...

Marlinspike presented this back at Black hat in 09.... it was great back then when noone used HSTS.... less useful now... I'm lazy and just redirect ports 443 and 80 to my burpsuite and activate the bypass on HTTPS connection failure feature... and you always get loads of traffic... most sites still don't have HTTPS, let alone HSTS... then you can just inject BEEF redirects into every HTML page you intercept so you start getting man-in-the-browser attacks going and an eventual meterpreter shell... you can always count on people just clicking through warnings of broken padlocks... works like a charm....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon