compewter
commented
3 years ago hey, thanks for checking out CopyCat! Short answer is no, you have to get your target to load a separate domain that they think is the real domain. You used to be able to load subdomains and depending on the security configurations of the domain you're spoofing that could still work, but is far less common than it used to be.
This current version is no longer in development. I rearchitected this tool to take a different approach, and the challenging/interesting part of it is getting one domain's content to render and function properly on a different domain (e.g. google.com functions on fakegoogle.com). I've been trying to find commercial applications for that, so I havent published that code.
Hello does your tool bypass HSTS?