HSTS bypass with SSLstrip2 + DNS2proxy
To answer the original question - most people never type https://example.com
directly. They rely either on links (click here to access our secure login server) or on redirects (type "gmail.com"
in the browser, and you will be automatically redirected to a secure site).
This is where SSLStrip comes in: it intercepts the original, unsecured HTTP reply, and replaces <a href="https"> links with HTTP (insecure) versions. Also, it changes redirects ("Location:" headers) that point to HTTPS URLs.
With SSLStrip2, this goes a bit further (intercept, redirect to an invalid subdomain, use DNS interception to actually provide a valid IP for that subdomain).
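
Added example, not part of the original answer: a defender-side audit that takes a captured HTTP response and reports, for each `http://` redirect or link, whether a browser's HSTS entries would still force HTTPS or whether the host falls outside them (the invalid-subdomain case above). The HSTS table, the host names, the sample response and the two-label `site()` shortcut are constructed assumptions, and the check assumes the browser already holds those HSTS entries.

```python
import re
from urllib.parse import urlsplit

# Constructed HSTS table (assumption): host -> includeSubDomains flag.
HSTS = {"example.com": False, "secure.example.net": True}

def hsts_covers(host):
    """Would a browser holding the HSTS table force HTTPS for this host?"""
    labels = host.lower().rstrip(".").split(".")
    if ".".join(labels) in HSTS:
        return True
    # Parent entries only apply when they set includeSubDomains.
    return any(HSTS.get(".".join(labels[i:])) for i in range(1, len(labels)))

def site(host):
    """Last two labels; a stand-in for a real Public Suffix List lookup."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(url):
    host = urlsplit(url).hostname or ""
    if hsts_covers(host):
        return "upgraded-by-hsts"   # browser rewrites the request to https
    if any(site(host) == site(h) for h in HSTS):
        return "hsts-gap"           # same site as an HSTS host, but not covered
    return "plain-http"

def audit(raw_response):
    """Return {url: verdict} for every http:// Location or href in a response."""
    head, _, body = raw_response.partition("\r\n\r\n")
    urls = re.findall(r"(?im)^Location:\s*(http://\S+)", head)
    urls += re.findall(r"(?i)href=[\"'](http://[^\"']+)", body)
    return {u: classify(u) for u in urls}

# Constructed sample response, as a client behind a rewriting proxy would see it.
SAMPLE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://example.com/login\r\n"
    "Content-Type: text/html\r\n\r\n"
    '<a href="http://wwww.example.com/login">Log in</a>'
    '<a href="http://a.secure.example.net/">Account</a>'
    '<a href="https://example.com/help">Help</a>'
    '<a href="http://other.test/">Other</a>'
)

if __name__ == "__main__":
    for url, verdict in audit(SAMPLE).items():
        print(f"{verdict:18} {url}")
```

Every `hsts-gap` result disappears once the parent entry sets `includeSubDomains`, which is why that directive (and preloading) is the usual mitigation for this variant.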