Hi!
Basically there are 2 challenges:
Websites that use normal https like zsecurity.org, stackoverflow.com ….etc you should be able to bypass all of these even if accessed directly.Websites that use HSTS like facebook and twitter, these websites will only load over HTTPS if accessed directly because the browser has a list of famous websites that use HSTS, therefore it will only load them over https, the only way around this is to use the custom hstshijack caplet that Zaid provided, this will only work if the user searches for the website using a search engine that does not use HSTS, for example if they use the local google domain such as google.ie to search for facebook / twitter …etc in this case the script will replace the .com at the end with .corn bypassing the list of famous websites that the browser has and allowing us to downgrade these websites to http.
So clear browser’s cache for All Times or Everything on victim’s machine, then run the attack and enter linkedin.com in the browser’s address bar, just like that, without prepending https://
Let me know how it goes!
Diego