
I am creating a workshop with sslstrip and ettercap. With everything set up fine (I think), the usual case works: a page without HSTS will be 'redirected' to HTTP. However, popular pages like Twitter and Facebook use HSTS. I expected to get the server certificate error, but instead I got the HTTPS version of these sites.

This raises the question: does sslstrip forward HSTS-protected sites to their HTTPS variant, and if so, how does HSTS check this host (I assume URL or something, but why not the sender?).

Thanks in advance!

CookieAndPizza

1 Answer


So I noticed sites like Twitter use the OCSP protocol. It most likely has to do with that.

CookieAndPizza