Is poisontap effective with HSTS enabled website ?
theCake75 opened this issue · comments
Hello,
I didnt understand something, I know that Poisontap is works good by capturing non-HSTS website's cookies, I tried to reinject the cookie captured by poisontap on another pc by document.cookie on console and it worked fine but what about the major websites ? (twitter, facebook ...), does the backdoor configuration can do something ? Or are we totally safe on those website againts PS ?
I didnt correcty understand this :
allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user's cookies on any backdoored
Does this mean the attacker can get (example)twitter session cookies with the backdoor remotely ?
I dont see any twitter.com cookie on my poisontap.cookies.log