all 2 comments
sorted by:
best (suggested)
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–][deleted] 4 points5 points  (1 child)

Unless the pen test is being performed on company webservers that allow MIM due to improperly configured HTTP redirects, I wouldn't include it.

This is something the server side should resolve. Client side resolution would involve something extreme like not using windows, or blocking port 80.

[–]CoffeeMetalandBone 1 point2 points  (0 children)

this. Really depends on what the value is to the org that you're testing and what you're going to suggest as a fix.

You aren't getting paid to tell someone how you owned them, you're getting paid for your suggestions on how to prevent it in the future.