Open graingert opened 12 years ago
I just wrote a POC for that (see https://github.com/SleepProgger/hsts-cookie-poc). If there is interest I would dig into the evercookie src, merge and send a pull request.
There is a limitation with this technique though: You need to have a wildcard certificate or enough valid certificates. At least Firefox ignores the HSTS header if the certificate is untrusted (self-signed).
Very cool, would love that! The different methods in evercookie are pretty well segregated, you just need a read function, write function and the callers.
http://hstscookie.ca/ has a demo for storing cookies via HSTS browser records:
From the site: "The HSTS cookie cannot be removed by clearing your cookies. It will be deleted if you clear 'site preferences', however, doing that will also clear a lot of useful information and expire the HSTS pins for other sites."