- This topic has 3 replies, 2 voices, and was last updated 1 year, 3 months ago by
.
-
Posts
-
Hello Zaid,
First of all, thank you so much for your courses! I have plenty of them and enjoy them as never.
I have noticed some flaws I want to point out for you to potentially improve your course.
1. HTTPS downgrading to HTTP – hijacking does not work anymore, due to this in wireshark not visible login attempts
2. Xarp no longer available as application, only on unofficial websites
3. Metasploitable – first exlpoit from your video does not work. It’s been removedHi!
The https downgrade is still working, as any other attack it has its own limitations but it’s definitively working. We can try to debug the issue, just open a new thread.
Yes, Xarp is only available in unofficial website but there’s nothing we can do about it, unfortunately there’s no good alternative for it.
Which exploit are you talking about? Also you can open a different thread so we can help to debug the issue.Greetings!
Diego1. Flaw Report
after:
[KALI MACHINE]
1. writing “spoof.cap” script (= works perfectly fine)
2. enabeling: root> bettercap -iface eth0 -caplet /path/spoof.cap[WINDOWS 10]
3. deleting all browser data[KALI]
4. starting hstshijack/hstshijack capletnothing seemes to work.
———————————————————————2nd report:
while this downgrading is not available I couldn’t logically capture via Wireshark unencrypted logins (admin + password)
Thanks for your time Diego, bless you teacher!
- You must be logged in to reply to this topic.