This post has been de-listed
It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.
The built-in sslstripping feature (http.proxy.sslstrip) in bettercap is not working against HTTPS websites in this issue I will be using cygwin.com and winzip.com as an example, as we can see they are not HSTS preloaded https://hstspreload.org/?domain=cygwin.com https://hstspreload.org/?domain=winzip.com.
I am using bettercap v2.32.0 (built for linux amd64 with go1.21.0)
my os is
```
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2024.1
Codename: kali-rolling
x86_64
```
I am using --caplet script.cap as a command line argument
script.cap contains:
```
net.probe on
set http.proxy.sslstrip true
http.proxy on
set arp.spoof.fullduplex true
set arp.spoof.targets 192.168.0.100
set net.sniff.local true
arp.spoof on
net.sniff on
```
Full Debug output: https://pastebin.com/qZF21fdY
Steps to Reproduce
Run the script.cap provided above make sure to change the IP address accordingly
Go into an HTTPS website on the victim machine
Expected behavior:
Successfully ARP spoof the victim
Successfully sniff data from http websites
Successfully downgrade HTTPS into HTTP
When downgraded successfully sniff data from HTTPS websites
Actual behavior:
Successfully ARP spoofed the victim
Successfully sniffed data from http websites
Couldn't downgrade HTTPS into HTTP (loads as HTTPS)
Since I could not downgrade HTTPS I was not able to sniff any data from HTTPS websites
Now as I final note I want to add my own interpretation of this; Generally when bettercap detects HTTPS websites while running SSLstrip it logs something like spoofing the domain or HTTPS detected downgrading etc. but in this instance it is not so maybe this is a bug where it is not correctly detecting HTTPS pages therefore not even trying to downgrade them???
BTW ofcourse I cleared all the web browser cache, I tried both chrome and edge, also I disabled secure DNS on both.
Subreddit
Post Details
- Posted
- 5 months ago
- Reddit URL
- View post on reddit.com
- External URL
- reddit.com/r/AskNetsec/c...