Tagged: HSTSHIJACK
- This topic has 40 replies, 2 voices, and was last updated 1 year ago by Diego Pérez.
- AuthorPosts
- November 5, 2023 at 6:44 pm #95865lucmarroucheParticipant
Hi Diego, so I did download the customized kali and all, which I love it. But I am still having some issues with downgrading websites to http, I havent changed the caplet, I used chrome, MS edge, and even when I use google it doesnt remove google security. Your help would be much appreciated thank you
November 6, 2023 at 8:08 pm #96082Diego PérezModeratorHi!
Can I see the result of ifconfig in Kali, ipconfig in the target machine, bettercap’s version, the command you used to start bettercap and the contents of the spoof caplet please?
Can you also show me Kali’s and Window’s network settings in VMware?Thanks!
DiegoNovember 9, 2023 at 4:53 pm #96718lucmarroucheParticipantHi Diego and thank you as always,
Attachments:
You must be logged in to view attached files.November 9, 2023 at 5:01 pm #96722lucmarroucheParticipantBoth virtual machines are set to bridge mode , I havent used NAT because I believe it connects to random network, I may be wrong.
For the linux terminal command i wrote:
Bettercap -iface eth0 -caplet bettercap_spoof.cap which is the caplet I recreated from the course and saved it to documents, when it comes to the hstshijack caplet, I didnt change anything to it, just added somw websites.
November 9, 2023 at 7:19 pm #96766Diego PérezModeratorHi!
Using bridged adapter won’t work, as mentioned in the course set both to NAT network. And please share the full requested info.The screenshot you sent is too small and can’t be read properly.
Greetings!
DiegoNovember 10, 2023 at 1:23 am #96772lucmarroucheParticipanthere just in case the pics arent opening and sorry if they dont as I have been having some issues with uploading and I Appreciate your patience
ifconfig
————eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.160.128 netmask 255.255.255.0 broadcast 192.168.160.255
inet6 fe80::20c:29ff:fedb:b9df prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:db:b9:df txqueuelen 1000 (Ethernet)
RX packets 22235 bytes 17092739 (16.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 52011 bytes 24753228 (23.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 9315 bytes 985550 (962.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9315 bytes 985550 (962.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
——————
target ip is 192.168.160.130—————————–
bettercap version bettercap v2.32.0
—————————
bettercap startbettercap -iface eth0 -caplet bettercap_spoof.cap (this file is in my root documents directory)
———————————————————————–both vmware are set to bridge mode
—————————————–content inside my spoof caplet
net.probe on
set arp.spoof.fulldulpex true
ser arp.spoof.targets 192.168.160.130
arp.spoof on
set net.sniff.local true
net.sniff onNovember 10, 2023 at 6:22 pm #96946lucmarroucheParticipantDiego question, if my virtual machines are set to NAT thats means outside devices cant access my network and if this is the case how am I supposed to spoof those devices and direct their traffic to my kali for example, with bridge mode all devices and including all virtual machines get to be connected to the same network, this NAT vs bridge can be very confusing
November 10, 2023 at 9:58 pm #96950Diego PérezModeratorHi!
Yes, as mentioned in the lectures use NAT for the virtual machines. If you want to connect kali to a real network then you’ll need a wireless adapter.
Did you change the adapter to NAT?Greetings!
DiegoNovember 11, 2023 at 2:06 am #96952lucmarroucheParticipantHi Diego, I am using NAT but still no working, I did sent you a copy of the content you askef for prior to this message, let me know if you got it
November 11, 2023 at 3:48 pm #97123Diego PérezModeratorHi!
Are you able to sniff dta from http site like:http://testphp.vulnweb.com/login.php
Let me know.
DiegoNovember 13, 2023 at 4:09 pm #97556lucmarroucheParticipantHi Diego, yes I am able to sniff data from
Sites like vulnweb, I can see the http link displaying, when it comes to https I can also see them being displayed but not converted to http where I can see decrypted username etc. The https lock next to the url is t changing to unsecureNovember 13, 2023 at 8:40 pm #97603Diego PérezModeratorHi!
Basically there are 2 challenges:
Websites that use normal https like zsecurity.org, stackoverflow.com ….etc you should be able to bypass all of these even if accessed directly.Websites that use HSTS like facebook and twitter, these websites will only load over HTTPS if accessed directly because the browser has a list of famous websites that use HSTS, therefore it will only load them over https, the only way around this is to use the custom hstshijack caplet that Zaid provided, this will only work if the user searches for the website using a search engine that does not use HSTS, for example if they use the local google domain such as google.ie to search for facebook / twitter …etc in this case the script will replace the .com at the end with .corn bypassing the list of famous websites that the browser has and allowing us to downgrade these websites to http.So clear browser’s cache for All Times or Everything on victim’s machine, then run the attack and enter linkedin.com in the browser’s address bar, just like that, without prepending https://
Let me know how it goes!
DiegoNovember 15, 2023 at 6:12 pm #98000lucmarroucheParticipantHi Diego, it is still not working and I am following everything in the course, do you think it may work better if I use ettercap or mitm proxy instead of bettercap, I own all courses so I can just jump into different programs
November 15, 2023 at 7:10 pm #98008Diego PérezModeratorHi!
Bettercap is the best tool for this kind of attack, did you run any update or upgrade in kali or bettercap? Other than apt update. Are you using a mac with the M1/M2 chip? Which browser are you using?Greetings!
DiegoNovember 15, 2023 at 7:30 pm #98011lucmarroucheParticipantFirst thanks for your fast reply, I am using a asus PC and I am using MS edge and google chrome on my PC including the target machine indows installed as a VM, on my kali VM I am using firefox. I have updated and upgraded yes. Is MITM proxy a totally different tool than bettercap? I am guessing that MITM proxy is more like burpsuite used to intercept traffic but more for modifying the traffic, thanks Diego and again I really appreciate your assistance on this issue which is driving me crazy
- AuthorPosts
- You must be logged in to reply to this topic.