[alexandrgrise]

Hello Zaid,

First of all, thank you so much for your courses! I have plenty of them and enjoy them as never.

I have noticed some flaws I want to point out for you to potentially improve your course.

1. HTTPS downgrading to HTTP – hijacking does not work anymore, due to this in wireshark not visible login attempts
2. Xarp no longer available as application, only on unofficial websites
3. Metasploitable – first exlpoit from your video does not work. It’s been removed

[Diego Pérez]

Hi!
The https downgrade is still working, as any other attack it has its own limitations but it’s definitively working. We can try to debug the issue, just open a new thread.
Yes, Xarp is only available in unofficial website but there’s nothing we can do about it, unfortunately there’s no good alternative for it.
Which exploit are you talking about? Also you can open a different thread so we can help to debug the issue.

Greetings!
Diego

[alexandrgrise]

1. Flaw Report

after:

[KALI MACHINE]
1. writing “spoof.cap” script (= works perfectly fine)
2. enabeling: root> bettercap -iface eth0 -caplet /path/spoof.cap

[WINDOWS 10]
3. deleting all browser data

[KALI]
4. starting hstshijack/hstshijack caplet

nothing seemes to work.
———————————————————————

2nd report:

while this downgrading is not available I couldn’t logically capture via Wireshark unencrypted logins (admin + password)

Thanks for your time Diego, bless you teacher!

Attachments:

You must be logged in to view attached files.

[Diego Pérez]

Hi!
Can I see the result of ifconfig in Kali, ipconfig in the target machine, bettercap’s version, the command you used to start bettercap and the contents of the spoof caplet please?
Can you also show me Kali’s and Window’s network settings in VMware?

Thanks!
Diego

[Author]

Posts