hack_postconnect_bypasshttps
HTTPS
Since the TLS/SSL layer that encrypts HTTPS is so difficult to crack, the easiest way into an HTTPS connection is to downgrade HTTPS to HTTP.
We set up a MITM position and, when the client requests the HTTPS version of the desired web site, we serve the client the plain HTTP version instead.
HSTS Hijack
MITM Attack using a BetterCap caplet: hstshijack
- The hstshijack caplet that ships with BetterCap is buggy. Zaid modified it to work…
- Download, copy, and paste it to: /usr/share/bettercap/caplets/
Suggestion: modify your spoof.cap:
- Add the following option BEFORE “net.sniff on”: set net.sniff.local true
- This option tells BetterCap to sniff all data even if it thinks the data is local. Once the HTTPS caplet is in use, the traffic will appear to have been sent from your local computer.
- Your spoof.cap should include the following lines (or create a new caplet). Change 10.0.0.142 to the target IP; separate multiple targets with commas.
    net.probe on
    set arp.spoof.fullduplex true
    set arp.spoof.targets 10.0.0.142
    arp.spoof on
    set net.sniff.local true
    net.sniff on
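The downgrade above only works when the browser is willing to follow a plain HTTP response, which is exactly what a correctly deployed Strict-Transport-Security (HSTS) policy prevents. The following Python snippet is an added example, not code from this page, Zaid's course, or BetterCap: it parses an HSTS header value and reports the weaknesses that leave a site downgradeable (no header, short max-age, no includeSubDomains, no preload). The sample header values and the site name are constructed for illustration; the one-year max-age threshold is the minimum required by the hstspreload.org submission rules.

```python
from typing import Dict, List, Optional

# Minimum max-age (one year) that hstspreload.org requires for a preload submission
PRELOAD_MIN_MAX_AGE = 31536000


def parse_hsts(header: Optional[str]) -> Dict[str, Optional[str]]:
    """Split a Strict-Transport-Security header value into a directive map.

    Directive names are lower-cased; value-less directives map to None.
    """
    directives: Dict[str, Optional[str]] = {}
    if header is None:
        return directives
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"') or None
    return directives


def assess_hsts(header: Optional[str]) -> List[str]:
    """Return a list of findings describing how an on-path attacker could still
    downgrade the site to HTTP. An empty list means returning visitors are
    protected and, with preload, first visits are too."""
    findings: List[str] = []
    directives = parse_hsts(header)
    if not directives:
        findings.append("no HSTS header: every visit can be downgraded to plain HTTP")
        return findings

    max_age = directives.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("max-age missing or not an integer: browsers ignore the header")
        return findings

    age = int(max_age)
    if age == 0:
        findings.append("max-age=0 clears any previously stored policy")
    elif age < PRELOAD_MIN_MAX_AGE:
        findings.append(
            f"max-age={age} is under one year: policy expires and cannot be preloaded"
        )
    if "includesubdomains" not in directives:
        findings.append("includeSubDomains missing: subdomains remain downgradeable")
    if "preload" not in directives:
        findings.append("preload missing: the first visit is unprotected until the header is seen")
    return findings


# Constructed sample responses, as a server administrator might see them
SAMPLE_HEADERS = {
    "no-hsts.example": None,
    "weak.example": "max-age=300",
    "strong.example": "max-age=31536000; includeSubDomains; preload",
}

if __name__ == "__main__":
    for site, value in SAMPLE_HEADERS.items():
        problems = assess_hsts(value)
        status = "OK" if not problems else "; ".join(problems)
        print(f"{site}: {status}")
```

Run against a real site by pasting the value of its Strict-Transport-Security response header into assess_hsts; a site with no findings is the one a downgrade attempt will fail against on every visit that the browser already knows about.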
hack_postconnect_bypasshttps.1590941900.txt.gz · Last modified: by gman