How can I solve the Firefox HSTS error?

406    Asked by Amitjaisawal in Cyber Security , Asked on Mar 31, 2022

 For pentesting/VA, it is, of course, imperative to always be able to see the HTTP site of a target. If present, HSTS conflicts with this need. Without using a proxy to address the problem (e.g. Burp), is it possible to natively disable HSTS in Firefox?

Answered by Amit raj

For solving the Firefox HSTS error, you can follow the below steps -


  • Type about:support in firefox
  • Click Profile Folder | Open Folder which should open your profile folder.
  • Find file called SiteSecurityServiceState.txt and open it
  • Find the entry for your site url and remove it. Entry would looks something like - github.com:HSTS 120 17242 1521194647604,1,1
  • Make sure the above firefox is closed so that it does not overwrite it.
  • Firefox stores HSTS entries in this file with their expiration periods. Removing this entry should allow you to hit http url. TO further prevent it you can probably change the permission of this file to read only.
  • More details - Understanding HTTP Strict Transport Security (HSTS)

NOTE : This will not work for well known sites like google as those lists are preloaded by browsers. Works fine for others. See above link for details.



Your Answer

Online Course

Tutorials

Salesforce Tutorial

Software Testing Tutorial

SQL Tutorial

Business Analyst Tutorial

Devops Tutorial

Data Science Tutorial

AWS Tutorial

Hadoop Tutorial

SSRS Tutorial

AWS S3 Tutorial

Functional Testing Tutorial

SSAS Tutorial

Automation Testing Tutorial

Manual Testing Tutorial

Selenium Tutorial

Kubernetes Tutorial

Scala Tutorial

ETL Testing Tutorial

Python Tutorial

Pyspark Tutorial

R Tutorial

Unit Testing Tutorial

API Testing Tutorial

Puppet Tutorial

Integration Testing Tutorial

Chef Tutorial

Jenkins Tutorial

Ansible Tutorial

Vagrant Tutorial

Docker Tutorial

Interviews

Parent Categories

Copyright | JanBaskTraining.com