Hsts bypass

Open IamKO opened this issue 4 years ago • 1 comments

Hello does your tool bypass HSTS?

May 26 '21 16:05 IamKO

hey, thanks for checking out CopyCat! Short answer is no, you have to get your target to load a separate domain that they think is the real domain. You used to be able to load subdomains and depending on the security configurations of the domain you're spoofing that could still work, but is far less common than it used to be.

This current version is no longer in development. I rearchitected this tool to take a different approach, and the challenging/interesting part of it is getting one domain's content to render and function properly on a different domain (e.g. google.com functions on fakegoogle.com). I've been trying to find commercial applications for that, so I havent published that code.

Jun 07 '21 17:06 compewter