Why Some HTTPS sites are not loading completely while using vooki?

While using the Vooki vulnerability scanner we might have faced the issue where the https page is not loaded completely. The reason behind this issue is the HSTS (HTTP Strict Transport Security) header. After including this in website it becomes difficult to intercept the traffic of the website. In this blog we can see how do we bypass that HSTS header.

Error:

How to bypass in Chrome:

1. Go to the settings of chrome and click on 'Manage Certificates', you can find this by searching in settings.
   
2. After clicking that it will open a window of already installed Certificates. Click on the `Trusted Root Certification Authorities` tab and import the vooki certificate.
   
3. Certificate from vooki could be found in path `C:\Users\user_name\.anyproxy\certificates\rootCA.crt` .
   
4. Import this certificate in the `Trusted Root Certification Authorities` and we are good to go.
   

How to bypass in Mozilla:

1. Go to the settings of firefox and search for certificate and click on `View Certificates`.
   
2. This will open a window `Certificate Manager`. Click on the `Authorities` tab and import the vooki certificate.
   
3. Certificate from vooki could be found in path `C:\Users\user_name\.anyproxy\certificates\rootCA.crt` .
   
4. Import this certificate in the `Authorities` and we are good to go.
   

Note: Changing proxy and certificate in the chrome will change whole system's proxy and trusted certificate. Importing certificate and changing proxy in Mozilla Firefox will change only Mozilla Firefox's certificate and proxy.

• Related Articles

• What is Vooki ?

  Vooki is a dynamic web application vulnerability scanner tool that is used by the majority of the world's top companies. We have made this product in such a manner that it is easy to use for any user, from a newbie to a pro. Vooki uses the OWASP Top ...

• Scan using Command Line

  Generate scan commands using the user interface Generating the scan command is always a difficult task. To make this task easier, Vooki provides the user interface to generate the scan command based on your options. To generate the command, follow ...

• Vooki REST export/import

  Export Project There are two ways to export the project. Follow these steps: Right-click the project and select "Export Project". This will export only selected projects. Click on "Export All Projects" to export all projects. Save it at the desired ...

• Why Vooki is best Vulnerability scanner?

  Vooki is a free web application vulnerability scanner which gives us a perfect scan report about the scanned networks, applications. It is a user-friendly tool that you can easily scan any web application and find security vulnerabilities. Vooki ...

• How to use Vooki - Web Application Scanner ?

  Vooki's web application security scanner is an automated tool to effectively scan and detect many underlying vulnerabilities in web applications in a few minutes. These vulnerabilities include not just the easier ones but the ones that require ...