Hacker News new | past | comments | ask | show | jobs | submit login

Good luck with that once hsts, cert pinning, and TLS 1.3 become more common.



MiTM proxying TLS 1.3 connections works just fine.

Browsers ignore cert pinning when the CA certificate was manually installed, so this is not a problem either.

I have no idea what HSTS is doing on your list.


> I have no idea what HSTS is doing on your list.

https://moxie.org/software/sslstrip/


We're talking about voluntarily installed proxy. Why would anyone want to mount an HTTPS stripping attack against themselves?




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: