Viewing 15 posts - 31 through 45 (of 52 total)
  • Author
    Posts
  • #73029
    Diego PérezDiego Pérez
    Moderator

    Hi!
    Did you clear the entire browser’s cache? Because by default it will only clear the last hour.
    Linkedin and facebook can be downgraded successfully, I tested it. Are you using an apple M1/M2 computer?

    Greetings!
    Diego

    #73058
    noura
    Participant

    yes I always clear the entire browser’s cache manually. my Mac book is an M1 2020, also now LinkedIn doesn’t work anymore. when I run the hstshijack caplet and visit LinkedIn it says (hmmm… can’t reach this page) and when you told me before to visit vulnweb without running the hstshijack caplet it didn’t work but I tried again with running it and the password and username that I entered in vulnweb appeared in bettercap you can see a screenshot in here https://drive.google.com/drive/folders/1-_XQpmx4CRNhPnuA1y-MHGeFYv_sXTqB it’s called “vulnweb works now”

    so the last thing I can do to help you understand my problem is to show you the files of hstshijack caplet so you can see if everything is in the right place or maybe I did place a file in a wrong way, you can find 2 screenshots of the file in the google drive links “hstshijack file” “payloads file”

    #73059
    noura
    Participant

    also I searched about this problem and found that here https://forum.stationx.net/t/bettercap-hstshijack-not-working/3894/7 someone says “You’re using the wrong version of bettercap (V2.26), if you downloaded and imported the custom ova image provided in the resources of lecture 5, then you should have bettercap V2.23 with the custom hstshijack caplet file already pre-installed.

    If you still don’t have them, then download bettercap 2.23”

    maybe the problem is in this exact version of bettercap that I’m using (v2.31.0) if so can you tell me how to download version 2.23?

    #73070
    Diego PérezDiego Pérez
    Moderator

    Hi!
    No, bettercap version is ok, that’s an old answer.
    Did you replace the whole hstshijack directory or only the .cap file?
    And, for some reason the M1/M2 chip computers seems to have problems with this attack, I don’t have one of those machines so can’t replicate it. I use an intel-based mac and the attacks work just as expected.

    Let me know.
    Diego

    #73071
    noura
    Participant

    I think i tried to make everything in the file the same as the one shown by zaid in the lecture, and regarding this problem in M1/M2 chip computers, is there any solution to it? I thought about fixing my old laptop or buying a new one but before doing all that is there something else can be done about this problem?

    #73079
    Diego PérezDiego Pérez
    Moderator

    Hi!
    What exactly do you mean by I think i tried to make everything in the file the same as the one shown by zaid? Can you elaborate much more?
    Also, can you answer: Did you replace the whole hstshijack directory or only the .cap file?

    Greetings!
    Diego

    #73081
    noura
    Participant

    I mean at first when he showed the path of where hstshijack file should be, I forgot if I replaced the whole hstshijack file or only the .cap file but I think that I replaced them all, what should I do though??

    #73082
    noura
    Participant

    I think Zaid has an m1 chip MacBook can you ask him about this problem

    #73083
    noura
    Participant

    also the browser the im using is windows explorer could that be the problem??

    • This reply was modified 1 year, 6 months ago by noura.
    #73091
    Diego PérezDiego Pérez
    Moderator

    Hi!
    You need to replace the whole hstshijack directory not only the .cap file.
    The computer that Zaid used is an intel-based machine as well.
    You can try to use firefox instead.

    Greetings!
    Diego

    #73095
    noura
    Participant

    Can you tell me how to replace the whole hstshijack directory?? a picture can help maybe

    #73096
    noura
    Participant

    Also I downloaded firefox browser the only thing that happened is that it can bypass https in LinkedIn but I can’t see passwords or usernames

    #73104
    Diego PérezDiego Pérez
    Moderator

    Hi!
    As mentioned in the lecture download the hstshijack caplet archive from resources, uncompress it and replace the whole hstshijack directory inside the caplets directory, then try it again.

    Basically, if the page gets downgraded to http then the password will be captured, if you don’t see it it’s just because bettercap was not able to filter it, or the credentials are buried between all of the other data that bettercap displays on screen.
    Look carefully through all of the results you got, if you’re sure it’s not there then just use Wireshark as shown in lectures 46 – 49 to find the username and password.

    LinkedIn is not in the HSTS hijack list because LinkedIn is not preloaded in Chrome or Firefox, what means by its not preloaded is that it is not in the HSTS list that is stored at the local target computer, therefore you should be able to downgrade it just like any other https website.
    In edge however LinkeIn is pre-loaded so you’ll have to add it to the list as shown in the course.

    Greetings!
    Diego

    #73117
    noura
    Participant

    is this how the file should be after replacing all files?? https://drive.google.com/drive/folders/1-_XQpmx4CRNhPnuA1y-MHGeFYv_sXTqB screenshots “hstshijack after replacement” “payloads after replacement”

    if nothing is totally working can I skip bettercap lectures and is there any tools that can do the same thing that bettercap do?? I’ve been trying to solve this problem for a month now but nothing seems to be working

    #73118
    noura
    Participant

    please tell me in exact detail are the files in the right order now?? after I replaced them?

Viewing 15 posts - 31 through 45 (of 52 total)
  • You must be logged in to reply to this topic.