Redirection from HTTP to HTTPS to a different host preventing HSTS

By
Nash N Sulthan
Published on
05 Jun 2022
1 min read
Vulnerability
Client Side URL Redirect
HSTS

The most effective way to redirect network traffic is to use a permanent redirection. This way, search engines and users can easily redirect to the website under HTTPS from an HTTP request. In many cases, this technique cannot guarantee safe traffic for your users. Redirection from HTTP to HTTPS can be abused by attackers for phishing attacks and can be redirected to a different host without any proper validation of user parameter by preventing HTTP Strict Transport Security. HSTS is a web security that ensures a secure connection between a server and its client.

Impact

Using this vulnerability, an attacker can:-

  • redirect the user to a malicious site to steal information/data.
  • show the end users some false data which will, in turn, affect the credibility of the website.

Mitigation / Precautions

According to Beagle, a secure connection can be achieved by using a response header field named Strict-Transport-Security.

        Strict-Transport-Security: max-age=31539000

    

A universal and straightforward technique is to configure the server to redirect to HTTPS. By this technique, when the server sends HTTPS to the client. The client sends HSTS and other attributes to the server. The initial response is always unsure/unsafe.

        Strict-Transport-Security: max-age=31536000; includeSubDomains

    

The above code sets all the subdomain connections as secure.


Written by
Nash N Sulthan
Nash N Sulthan
Cyber Security Lead Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days