In recent years we have been researching HSTS and HPKP: how they work on the server side, how they are implemented, how administrators deal with them, and how browsers implement these mechanisms. We have even created tools and a test web page around them. Now we add to our toolset a new script, which has become a post-exploitation Metasploit module.
At RootedCON (where we showed an improved version of our presentation at Black Hat) we revealed that our post-exploitation module to erase HSTS/HPKP entries in the main web browsers (coded by Sheila Berta, one of our researchers in Innovation and Laboratory at ElevenPaths) has recently been merged into the official Metasploit repository.
Using it is quite simple, as shown in this video.
We hope you find it useful.