Interesting question here for you. I am currently working on a couple of security reviews for some friends of mine. I have got to the stage where I am probing web servers for weaknesses with Burp Suite.
One site is doing as I would expect and the other is blocking me. The other won’t let me through as it has HTTP Strict Transport Security enabled.
Is there any way around this at all? I am looking to enumerate the logon process and spider the website. I’ll set off trying other tools now, but there is a gap in my knowledge here and it would be great to plug it.
P.S. Big thanks to everyone who contributes to this forum.