Hi,

how can I use Wireshark to see if a particular web site, web app is using HSTS?

Thanks

asked 17 Feb, 05:35

adasko's gravatar image

adasko
86283642
accept rate: 0%


IF you can decrypt the HTTP exchange between server and client, you can check to see if the HSTS header is present in the HTTP response from the server. IF NOT then you can't.

link

answered 17 Feb, 08:15

Jaap's gravatar image

Jaap ♦
10.9k1698
accept rate: 14%

As Jaap said: If you can decrypt the traffic you will be able to see the HSTS header.

If not you can use the Web Developer tools in your browser (available in/for Chrome, Safari, Firefox, Internet Explorer) or you can configure a proxy like Fiddler to see the headers.

link

answered 17 Feb, 11:22

Uli's gravatar image

Uli
24718
accept rate: 10%

cURL does it without acting as a proxy and without having to decrypt the payload:

https://www.owasp.org/index.php/Test_HTTP_Strict_Transport_Security_(OTG-CONFIG-007)

(17 Feb, 11:58) adasko

cURL does receive the plain text payload though, the library it uses for the TLS connection does the decryption for it.

Wireshark does not originate any connections so do not have access to the key, and hence the plain text payload unless the user provides the keying material.

(18 Feb, 02:04) grahamb ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×1

Asked: 17 Feb, 05:35

Seen: 136 times

Last updated: 18 Feb, 02:04

Related questions

p​o​w​e​r​e​d by O​S​Q​A