Bypassing HSTS policy on the web browser #8

@gnh1201

HSTS only applies to software that fulfills all the specifications as a web browser. Therefore, in communications where there is no web browser involved, typical SSL MITM poses no issue.

However, if you intend to use a web browser, HSTS policies can cause inconvenience. Thus, here are some alternatives:

These alternatives are based on the assumption that we won't alter the web browser's settings. Disabling the HSTS feature by adjusting the browser settings can resolve the issue more easily than expected.

  1. Removing HSTS-related headers.
  2. Proxying with an actual web browser.

I'll add more ideas if they come up in the future.


Labels: enhancement
