Inline-script sslstrip.py with flow.request.headers in response function

phackt · September 14, 2016, 10:05pm

Hello,

You can check here the sslstrip.py script:

For this script we have in the response function;

def response(flow):
flow.request.headers.pop(‘Strict-Transport-Security’, None)
flow.request.headers.pop(‘Public-Key-Pins’, None)

Why flow.request instead of flow.response for these response headers?

Thanks in advance,

mhils · September 14, 2016, 11:06pm

Thanks for pointing this out! That very much looks like a bug, would you like to submit a PR that fixes that?

phackt · September 14, 2016, 11:48pm

Ok i will do that.

Thanks,

Topic		Replies	Views
Keep encountering `Script error` when modifying response help	3	2710	September 10, 2016
Unable to modify any traffic help	1	879	July 30, 2016
Need help with Flow.request.body syntax	1	3326	June 26, 2017
Return response directly + no request to target domain or server help	2	1434	August 6, 2018
2.0.2 : receiving wrong request from mitmproxy help	2	833	September 12, 2017