1

While running the following command in Kali, mitmf -i eth0 --arp --spoof --gateway 192.168.1.1 --target 192.168.1.4 --filepwn, I have noticed that in the latest Chrome, when I typed google.gr the result was an HTTP version of Google (although that did not work in Facebook or LinkedIn websites opened by the victim). How does filepwn implement the above feature?

mpla_mpla

1 Answer

0

Google.com (and all other country versions like google.gr) do opportunistic HSTS (see this answer for more details). It is an interesting question, though, why they would stop enforcing HTTPS from their Chrome browsers (as it used to be like that in the past).

Facebook does strict HSTS, which is why you will 'never' be able to force the client into HTTP mode for Facebook. AFAIK, LinkedIn does not use HSTS, so something else must have gone wrong there.

Glorfindel
Michael
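
A site's HSTS policy is whatever its Strict-Transport-Security response header declares, so a site owner can check how much downgrade protection a response actually gives. The following Python code is an added example, not part of the original question or answer: it parses the header per RFC 6797 and grades it. The one-year threshold, the grade labels and the sample headers are assumptions constructed for illustration.

```python
import re

ONE_YEAR = 31536000  # assumption: minimum lifetime treated as long-lived here

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns a dict of lower-cased directives, or None if the header is invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are permitted by the grammar
        name, _, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip().strip('"')  # values may be quoted strings
        if name in directives:
            return None  # a directive must not appear more than once
        directives[name] = val
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None  # max-age is required and must be a non-negative integer
    return directives

def assess(scheme, headers):
    """Grade the HSTS protection that one HTTP response gives a browser."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return "none: no HSTS header"
    if scheme != "https":
        return "none: header sent over http is ignored"
    d = parse_hsts(value)
    if d is None:
        return "none: header is malformed"
    age = int(d["max-age"])
    if age == 0:
        return "none: max-age=0 clears the policy"
    if age < ONE_YEAR:
        return "weak: policy expires quickly"
    if "includesubdomains" not in d:
        return "partial: subdomains not covered"
    return "strong: preload requested" if "preload" in d else "strong"

if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    for scheme, hdr in [("https", "max-age=63072000; includeSubDomains; preload"),
                        ("https", "max-age=300"),
                        ("http", "max-age=31536000; includeSubDomains")]:
        print(scheme, repr(hdr), "->", assess(scheme, {"Strict-Transport-Security": hdr}))
```

A header only protects browsers that have already received it over HTTPS; the `preload` directive is a request for inclusion in browsers' built-in lists, which covers the first visit as well.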