- This topic has 51 replies, 3 voices, and was last updated 9 months, 1 week ago by Diego Pérez.
- AuthorPosts
- June 19, 2023 at 9:29 pm #73029Diego PérezModerator
Hi!
Did you clear the entire browser’s cache? Because by default it will only clear the last hour.
Linkedin and facebook can be downgraded successfully, I tested it. Are you using an apple M1/M2 computer?Greetings!
DiegoJune 20, 2023 at 11:15 pm #73058nouraParticipantyes I always clear the entire browser’s cache manually. my Mac book is an M1 2020, also now LinkedIn doesn’t work anymore. when I run the hstshijack caplet and visit LinkedIn it says (hmmm… can’t reach this page) and when you told me before to visit vulnweb without running the hstshijack caplet it didn’t work but I tried again with running it and the password and username that I entered in vulnweb appeared in bettercap you can see a screenshot in here https://drive.google.com/drive/folders/1-_XQpmx4CRNhPnuA1y-MHGeFYv_sXTqB it’s called “vulnweb works now”
so the last thing I can do to help you understand my problem is to show you the files of hstshijack caplet so you can see if everything is in the right place or maybe I did place a file in a wrong way, you can find 2 screenshots of the file in the google drive links “hstshijack file” “payloads file”
June 20, 2023 at 11:29 pm #73059nouraParticipantalso I searched about this problem and found that here https://forum.stationx.net/t/bettercap-hstshijack-not-working/3894/7 someone says “You’re using the wrong version of bettercap (V2.26), if you downloaded and imported the custom ova image provided in the resources of lecture 5, then you should have bettercap V2.23 with the custom hstshijack caplet file already pre-installed.
If you still don’t have them, then download bettercap 2.23”
maybe the problem is in this exact version of bettercap that I’m using (v2.31.0) if so can you tell me how to download version 2.23?
June 21, 2023 at 9:23 pm #73070Diego PérezModeratorHi!
No, bettercap version is ok, that’s an old answer.
Did you replace the whole hstshijack directory or only the .cap file?
And, for some reason the M1/M2 chip computers seems to have problems with this attack, I don’t have one of those machines so can’t replicate it. I use an intel-based mac and the attacks work just as expected.Let me know.
DiegoJune 21, 2023 at 11:26 pm #73071nouraParticipantI think i tried to make everything in the file the same as the one shown by zaid in the lecture, and regarding this problem in M1/M2 chip computers, is there any solution to it? I thought about fixing my old laptop or buying a new one but before doing all that is there something else can be done about this problem?
June 22, 2023 at 8:21 pm #73079Diego PérezModeratorHi!
What exactly do you mean by I think i tried to make everything in the file the same as the one shown by zaid? Can you elaborate much more?
Also, can you answer: Did you replace the whole hstshijack directory or only the .cap file?Greetings!
DiegoJune 23, 2023 at 1:29 am #73081nouraParticipantI mean at first when he showed the path of where hstshijack file should be, I forgot if I replaced the whole hstshijack file or only the .cap file but I think that I replaced them all, what should I do though??
June 23, 2023 at 2:14 am #73082nouraParticipantI think Zaid has an m1 chip MacBook can you ask him about this problem
June 23, 2023 at 2:26 am #73083nouraParticipantalso the browser the im using is windows explorer could that be the problem??
- This reply was modified 1 year, 5 months ago by noura.
June 23, 2023 at 9:15 pm #73091Diego PérezModeratorHi!
You need to replace the whole hstshijack directory not only the .cap file.
The computer that Zaid used is an intel-based machine as well.
You can try to use firefox instead.Greetings!
DiegoJune 24, 2023 at 1:20 am #73095nouraParticipantCan you tell me how to replace the whole hstshijack directory?? a picture can help maybe
June 24, 2023 at 1:22 am #73096nouraParticipantAlso I downloaded firefox browser the only thing that happened is that it can bypass https in LinkedIn but I can’t see passwords or usernames
June 24, 2023 at 6:14 pm #73104Diego PérezModeratorHi!
As mentioned in the lecture download the hstshijack caplet archive from resources, uncompress it and replace the whole hstshijack directory inside the caplets directory, then try it again.Basically, if the page gets downgraded to http then the password will be captured, if you don’t see it it’s just because bettercap was not able to filter it, or the credentials are buried between all of the other data that bettercap displays on screen.
Look carefully through all of the results you got, if you’re sure it’s not there then just use Wireshark as shown in lectures 46 – 49 to find the username and password.LinkedIn is not in the HSTS hijack list because LinkedIn is not preloaded in Chrome or Firefox, what means by its not preloaded is that it is not in the HSTS list that is stored at the local target computer, therefore you should be able to downgrade it just like any other https website.
In edge however LinkeIn is pre-loaded so you’ll have to add it to the list as shown in the course.Greetings!
DiegoJune 26, 2023 at 3:03 am #73117nouraParticipantis this how the file should be after replacing all files?? https://drive.google.com/drive/folders/1-_XQpmx4CRNhPnuA1y-MHGeFYv_sXTqB screenshots “hstshijack after replacement” “payloads after replacement”
if nothing is totally working can I skip bettercap lectures and is there any tools that can do the same thing that bettercap do?? I’ve been trying to solve this problem for a month now but nothing seems to be working
June 26, 2023 at 3:06 am #73118nouraParticipantplease tell me in exact detail are the files in the right order now?? after I replaced them?
- AuthorPosts
- You must be logged in to reply to this topic.