Arpspoof and bettercap not working: loosing victim connection

Maybe you can try installing everything with VMware?

Hi Edwin and thanks for you support in this forum :):slight_smile:
i have a lot t of probleme with a latest version of Bettercap in Kali linux 2020.3

Hstshijaking not work correctly such as video of Sabih (nat netwok ok betwin kali VM and windows 10 VM )
Gui Mode not work error msg appear (apache server stat test debian done)

Actualy i need to remove completeky a latest version of bettercap and install a 2.23
can you please the procedure to do that correctly ?
Thanks in advance
image
image

thanks in advance

@Ingvarr what happens when you try this?
echo 1 > /proc/sys/net/ipv4/ip_forward

and after that run the complete attack?

to remove the bettercap from kali try this.
apt-get remove --auto-remove bettercap

If you also want to delete your local/config files for bettercap then this will work.
apt-get purge --auto-remove bettercap

After that download bettercap 2.23 extract it and run it from the terminal.

Thanks Edwin for your support :slight_smile:

image
image

How can i install this file ?
best regards

Download this one https://ufile.io/joxjzflg

thanks Edwin ,

i have already this file , its ionly a executable , and no permit to launch UI and HSTShijack !!

thanks in advance

Zaid shares a HSTShijack file that works with Bettercap 2.23

Learn Ethical Hacking From Scratch

check the resources of this lecture:
Understanding HTTPS & How to Bypass it

And if you really want to use the UI this is very clear if you ask me.
https://www.bettercap.org/usage/

Thanks Edwin for your support :slight_smile:

zaid uses version 2.23 of Bettercap, but it is an installable version and not like the version which is on the link that you sent me (executable directly) I do not know if you have understood me
i’m really lost i don’t know what to do :frowning:

Which course are you taking? And which lecture?
Because Bettercap 2.23 and the HSTShijack file are both offered as resources in this course.

Learn Ethical Hacking From Scratch

but maybe you are taking another course :thinking:

hi Edwin , i have only the Videos and 2 file ( inject_beef.js.js / hstshijack.zip )

I am really confused, because I am two days away from trying to repair this problem without result
the two concerns that I currently have are that:
Hstshijack: do not transform https to http pages (I am in nat mode) (hsts ready with the same script as ZAID)
I don’t know how to go back to the stable version which was used by sabih

  • I can access UI mode (apache server strated)
    tahnks in advance

Which course and which lecture?

Here is the bettercap Zaid is using (but its the same i already shared)
“Learn Ethical Hacking From Scratch”
check the “Bypassing HSTS” lecture recources.

And here are some links to the Kali linux Zaid is using.
https://zsecurity.org/download-custom-kali/

And if you are completely stuck.
Just restore a snapshot.
That’s why you’re using a VM after all.
Just make a new installation completely to your liking.
Then take a snapshot.
Then you can just test everything and if something goes wrong.
Just restore a snapshot and you’re done.

And some sites Zaid is using now have HSTS protection. That’s why it doesn’t work as he demonstrates. (they will also continue to secure things)

Give it a try with unknown small websites that use https.
But always make sure that everything works on a non-secure http site first.

Hey. I could not write anything as I overcame the limit of replies new user can give. So, I finally discovered how to actually do this attack. All I needed was to add my router ip to the set arp.spoof.targets line alongside with the windows vm ip. And this works for me, I can get passwords and other stuff. The only thing that bothers me now is that I cant do this with my wireless wifi adapter. In the course video Zaid said that it would work both for wired and wireless connection. But using adapter I face the same problem as on the start of this forum - connection loss. So it’d be great if you could share an idea why this actually happens .

Did you test this?
echo 1 > /proc/sys/net/ipv4/ip_forward
And then run the complete attack again?

1 Like

It has no sense if you cahnge ip_forward file because ip forwarding is being enabled automatically by bettrecap. Actually, I tried to do the thing with my phone and that worked. Maybe, again, I cant do wireless attack on windows vm because bridge adapter is set there. I dont really know much about bridge or nat connections, but still I got this right. Thank you very much, Edwin.

Can you tell me what happens when you diable eth0 (" ifconfig eth0 down")
And run the attack with wlan0?
So kali in + wifi and some target thats connected with your wifi.

My wifi adapter is connected to kali not as bridge, but as usb. You want me to set it as bridge?

So, if you mean what I think you mean, then the connection stays, but I cant see requests on websites I visit or any passwords or logins even on http

May I ask you one more question? Is there any way to install exact versions of tools in the system?
Like, if I install some other version of bettercap then I cant use it with bettercap caplet folder. I’d like to instal 2.23 to see if that solves my another problem, which is that Zaid’s hstshijack doesn’t work on 2.28 bettercap and the hstshijack in 2.28 bettercap doesnt downgrade https websites and doesnt change the adress to ***.corn