samyk / poisontap

Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.

Home Page: https://samy.pl/poisontap/

Is poisontap effective with HSTS-enabled websites?

theCake75 opened this issue · comments

Hello,

I didn't understand something. I know that Poisontap works well at capturing non-HSTS websites' cookies. I tried to reinject the cookie captured by poisontap on another PC via document.cookie in the console and it worked fine, but what about the major websites (twitter, facebook ...)? Can the backdoor configuration do something? Or are we totally safe on those websites against PS?

I didn't correctly understand this:

allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user's cookies on any backdoored

Does this mean the attacker can get (for example) twitter session cookies with the backdoor remotely?
I don't see any twitter.com cookie in my poisontap.cookies.log