- This topic has 51 replies, 3 voices, and was last updated 1 month, 3 weeks ago by
.
-
Posts
-
Hi!
Did you clear the entire browser’s cache? Because by default it will only clear the last hour.
Linkedin and facebook can be downgraded successfully, I tested it. Are you using an apple M1/M2 computer?Greetings!
Diegoyes I always clear the entire browser’s cache manually. my Mac book is an M1 2020, also now LinkedIn doesn’t work anymore. when I run the hstshijack caplet and visit LinkedIn it says (hmmm… can’t reach this page) and when you told me before to visit vulnweb without running the hstshijack caplet it didn’t work but I tried again with running it and the password and username that I entered in vulnweb appeared in bettercap you can see a screenshot in here https://drive.google.com/drive/folders/1-_XQpmx4CRNhPnuA1y-MHGeFYv_sXTqB it’s called “vulnweb works now”
so the last thing I can do to help you understand my problem is to show you the files of hstshijack caplet so you can see if everything is in the right place or maybe I did place a file in a wrong way, you can find 2 screenshots of the file in the google drive links “hstshijack file” “payloads file”
also I searched about this problem and found that here https://forum.stationx.net/t/bettercap-hstshijack-not-working/3894/7 someone says “You’re using the wrong version of bettercap (V2.26), if you downloaded and imported the custom ova image provided in the resources of lecture 5, then you should have bettercap V2.23 with the custom hstshijack caplet file already pre-installed.
If you still don’t have them, then download bettercap 2.23”
maybe the problem is in this exact version of bettercap that I’m using (v2.31.0) if so can you tell me how to download version 2.23?
Hi!
No, bettercap version is ok, that’s an old answer.
Did you replace the whole hstshijack directory or only the .cap file?
And, for some reason the M1/M2 chip computers seems to have problems with this attack, I don’t have one of those machines so can’t replicate it. I use an intel-based mac and the attacks work just as expected.Let me know.
DiegoI think i tried to make everything in the file the same as the one shown by zaid in the lecture, and regarding this problem in M1/M2 chip computers, is there any solution to it? I thought about fixing my old laptop or buying a new one but before doing all that is there something else can be done about this problem?
Hi!
What exactly do you mean by I think i tried to make everything in the file the same as the one shown by zaid? Can you elaborate much more?
Also, can you answer: Did you replace the whole hstshijack directory or only the .cap file?Greetings!
DiegoI mean at first when he showed the path of where hstshijack file should be, I forgot if I replaced the whole hstshijack file or only the .cap file but I think that I replaced them all, what should I do though??
Hi!
You need to replace the whole hstshijack directory not only the .cap file.
The computer that Zaid used is an intel-based machine as well.
You can try to use firefox instead.Greetings!
DiegoAlso I downloaded firefox browser the only thing that happened is that it can bypass https in LinkedIn but I can’t see passwords or usernames
Hi!
As mentioned in the lecture download the hstshijack caplet archive from resources, uncompress it and replace the whole hstshijack directory inside the caplets directory, then try it again.Basically, if the page gets downgraded to http then the password will be captured, if you don’t see it it’s just because bettercap was not able to filter it, or the credentials are buried between all of the other data that bettercap displays on screen.
Look carefully through all of the results you got, if you’re sure it’s not there then just use Wireshark as shown in lectures 46 – 49 to find the username and password.LinkedIn is not in the HSTS hijack list because LinkedIn is not preloaded in Chrome or Firefox, what means by its not preloaded is that it is not in the HSTS list that is stored at the local target computer, therefore you should be able to downgrade it just like any other https website.
In edge however LinkeIn is pre-loaded so you’ll have to add it to the list as shown in the course.Greetings!
Diegois this how the file should be after replacing all files?? https://drive.google.com/drive/folders/1-_XQpmx4CRNhPnuA1y-MHGeFYv_sXTqB screenshots “hstshijack after replacement” “payloads after replacement”
if nothing is totally working can I skip bettercap lectures and is there any tools that can do the same thing that bettercap do?? I’ve been trying to solve this problem for a month now but nothing seems to be working
- You must be logged in to reply to this topic.
