Bypassing HTTPS

Hey! I was trying to bypass an HTTPS website and I followed Zaid’s demonstration in the ethical hacking course. However, the websites on my Windows 10 (victim) are still in HTTPS. Is it because my current Google Chrome version is different, and how do I fix it? (Can’t find the older version of Chrome.) Thanks in advance! 🙂

Probably the website has implemented HSTS.

I tried a different website that isn’t popular and also implemented the HSTS command, but websites such as facebook.com didn’t change to facebook.corn.

And you use Bettercap with the hstshijack file Zaid shared?
And this version of bettercap?

You have to make sure that you clear cache and history each time you visit the website.
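Added example, not part of any post in this thread: a minimal Python model of the HSTS known-host store a browser keeps under RFC 6797, showing why a host that has already sent a `Strict-Transport-Security` header stays on HTTPS until that stored state expires or is removed. The class name `HstsStore`, its methods and the `.test` hostnames are constructed for illustration; preload lists are not modelled.

```python
import time

class HstsStore:
    """Illustrative model of a browser's HSTS known-host store (RFC 6797)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._hosts = {}  # host -> (expiry_epoch, include_subdomains)

    def note_header(self, host, header, over_tls=True):
        """Process a Strict-Transport-Security header received for `host`."""
        if not over_tls:      # the header is ignored on plain HTTP responses
            return
        max_age, include_sub = None, False
        for directive in header.split(";"):
            name, _, value = directive.strip().partition("=")
            name = name.strip().lower()
            if name == "max-age":
                value = value.strip().strip('"')
                if not (value.isascii() and value.isdigit()):
                    return    # malformed policy: ignore the whole header
                max_age = int(value)
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:   # max-age is a required directive
            return
        host = host.lower().rstrip(".")
        if max_age == 0:      # max-age=0 tells the browser to forget the host
            self._hosts.pop(host, None)
        else:
            self._hosts[host] = (self._clock() + max_age, include_sub)

    def must_use_https(self, host):
        """True if a request to http://host would be upgraded before sending."""
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include_sub = entry
            if expiry <= self._clock():
                continue      # stored policy has expired
            if i == 0 or include_sub:  # exact host, or parent covering subdomains
                return True
        return False
```

A site operator can use the same logic to check a deployed policy: a long `max-age` plus `includeSubDomains` keeps every subdomain on HTTPS after the first secure visit.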

Yes. It only works for a few websites, but most of these working websites do not allow users to log in with HTTP. For the HSTS part, it doesn’t work. I did check that my Google Chrome was in HTTPS when I did a Facebook search; not sure if that’s the reason.

If you search for Facebook on Google and you hover over the link, you can see if it changed to .corn (in the bottom left of the screen); if not, it doesn’t work. And indeed Zaid uses Google in HTTP.

No, it didn’t show .corn. I did manage to change the web page to HTTP, with some security warning, by turning https.proxy on.

Um, how do you install sslstrip? More importantly, how do you install twisted?

As far as I know, Kali comes pre-installed with sslstrip. Try updating using sudo apt update and then running sudo apt install sslstrip. If it doesn’t work, then install it from their original repo: https://gitlab.com/kalilinux/packages/sslstrip. Just follow the install instructions.
To install twisted, just type pip install twisted.

Hi, I can confirm that I have tried all of the methods above and was only able to get the JavaScript on one site.