-1

What do you think would happen if someone accesses a site that has the HSTS mechanism enabled, for the first time? Would SSL Stripping still be possible?

  • Does the thread [HSTS bypass with SSLstrip2 + DNS2proxy](http://security.stackexchange.com/q/84767/32746) answer your question (in particular "*If the client is requesting for the first time the server, it will work anytime*")? – WhiteWinterWolf Jan 18 '16 at 10:25

1 Answer

0

Some browsers include a mechanism named "HSTS preload", which consists of a list of sites which use HSTS to avoid this "first-access" attack.

Google made a website which can be used to request the insertion of your website in those lists.

Benoit Esnard
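The first-visit gap and the way a preload list closes it, as an added example that is not part of the original question or answer: a toy Python model of a browser's HSTS state. The class and method names and the `example.test` host are hypothetical, and preloaded entries are assumed to cover subdomains.

```python
import time

class HstsStore:
    """Toy model of a browser's HSTS state (RFC 6797), for illustration only."""

    def __init__(self, preloaded=()):
        # Hosts shipped with the browser (constructed sample, not a real list).
        self.preloaded = {h.lower() for h in preloaded}
        self.dynamic = {}  # host -> (expiry timestamp, includeSubDomains flag)

    def note_header(self, host, header, over_https, now=None):
        """Record a Strict-Transport-Security header seen in a response."""
        if not over_https:
            return  # the header is ignored on plain-HTTP responses
        now = time.time() if now is None else now
        max_age, include_sub = None, False
        for directive in header.split(";"):
            name, _, value = directive.strip().partition("=")
            if name.lower() == "max-age":
                max_age = int(value.strip('"'))
            elif name.lower() == "includesubdomains":
                include_sub = True
        if max_age is None:
            return  # max-age is mandatory; without it the header is invalid
        if max_age == 0:
            self.dynamic.pop(host.lower(), None)  # max-age=0 removes the entry
        else:
            self.dynamic[host.lower()] = (now + max_age, include_sub)

    def is_https_only(self, host, now=None):
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.preloaded:
                return True  # simplification: preload entries cover subdomains
            entry = self.dynamic.get(candidate)
            # A parent domain's entry only applies if it set includeSubDomains.
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def first_request_scheme(self, host, now=None):
        """Scheme used when the user types a bare hostname."""
        return "https" if self.is_https_only(host, now) else "http"
```

A store with no entry for a host sends the first request over plain HTTP, which is the window the question asks about; a store constructed with that host in `preloaded` uses HTTPS from the first request.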