i am aware of HSTS and their directives... If you had enabled HSTS on your site however, and this user has visited your site before, the browser will remember it should go back to https. As the fake site does not have an SSL certificate, the user can’t visit the site, and will be safe.
However i am unable to reproduce a mitm attack when i had visited the site before, only when deleting all cookies and trying again it works just fine. For some reason the website is acting like it had HSTS but it doesn't... so what is wrong here?? if the website doesn't have HSTS then the browser shouldn't remember to connect to HTTPS
What i am doing:
1- if i delete cookies and try to connect to example.com the mitm works just perfect.
2- if i visit the site and and close browser, and then try to reproduce the mitm attack it doesn't work. it connects to HTTPS directly. (it should work because the website doesn't have HSTS)
3- if i visit example.com and close the browser, and then try to reproduce the mitm attack typing example.com/about the mitm attack works perfectly.
4- if i visit example.com/about and close the browser, and then try yo reproduce the mitm attack typing example.com/about the mitm doesn't work.
For some reason the website doesn't have HSTS but looks and works like it's implemented