Forum Replies Created
- Posts
I’m on lecture 12.7 which one should i go to next if i wanna skip all of bettercap lectures? Could you give me a specific lecture I should go to
is this how the file should be after replacing all files?? https://drive.google.com/drive/folders/1-_XQpmx4CRNhPnuA1y-MHGeFYv_sXTqB screenshots “hstshijack after replacement” “payloads after replacement”
if nothing is totally working can I skip bettercap lectures and is there any tools that can do the same thing that bettercap do?? I’ve been trying to solve this problem for a month now but nothing seems to be working
Also I downloaded firefox browser the only thing that happened is that it can bypass https in LinkedIn but I can’t see passwords or usernames
I mean at first when he showed the path of where hstshijack file should be, I forgot if I replaced the whole hstshijack file or only the .cap file but I think that I replaced them all, what should I do though??
I think i tried to make everything in the file the same as the one shown by zaid in the lecture, and regarding this problem in M1/M2 chip computers, is there any solution to it? I thought about fixing my old laptop or buying a new one but before doing all that is there something else can be done about this problem?
also I searched about this problem and found that here https://forum.stationx.net/t/bettercap-hstshijack-not-working/3894/7 someone says “You’re using the wrong version of bettercap (V2.26), if you downloaded and imported the custom ova image provided in the resources of lecture 5, then you should have bettercap V2.23 with the custom hstshijack caplet file already pre-installed.
If you still don’t have them, then download bettercap 2.23”
maybe the problem is in this exact version of bettercap that I’m using (v2.31.0) if so can you tell me how to download version 2.23?
yes I always clear the entire browser’s cache manually. my Mac book is an M1 2020, also now LinkedIn doesn’t work anymore. when I run the hstshijack caplet and visit LinkedIn it says (hmmm… can’t reach this page) and when you told me before to visit vulnweb without running the hstshijack caplet it didn’t work but I tried again with running it and the password and username that I entered in vulnweb appeared in bettercap you can see a screenshot in here https://drive.google.com/drive/folders/1-_XQpmx4CRNhPnuA1y-MHGeFYv_sXTqB it’s called “vulnweb works now”
so the last thing I can do to help you understand my problem is to show you the files of hstshijack caplet so you can see if everything is in the right place or maybe I did place a file in a wrong way, you can find 2 screenshots of the file in the google drive links “hstshijack file” “payloads file”
hello sorry for the late reply I was busy with school but cybersecurity is my real passion
so, I did everything as you said but I wasn’t sure if I should have net.sniff on so I did it anyway, simple arp spoof attack without the hstshijack caplet and then I visited vulnweb.com but the surprise here is that it’s not loading in the victim machine, I also shared a screenshot of arp -a before and during the attack, you can find the 3 screenshots here https://drive.google.com/drive/folders/1-_XQpmx4CRNhPnuA1y-MHGeFYv_sXTqB the pictures called ( vulnweb.com) (kali machine) (arp -a before and after)also I paid too much attention and tried everything. I couldn’t pass the problems in the lecture 12.7 to even go to lecture 12.8 but I did so because you said that Zaid explains where to place the folder of the caplet which iv’e placed right, im just saying maybe LinkedIn is not working like it did for Zaid in lecture 12.7 and Facebook.corn in lecture 12.8 because of buttercup’s version???
sorry I made a mistake in point 2 I meant to say that zsecurity and stackoverflow are not working whether I try to access them directly or indirectly
and LinkedIn is the only website that state “not secure” when I run the hstshijack caplet so it’s working but also when I try to sign in to see if there is password and username to appear in bettercap, the page can’t load and it says “Hmmm… can’t reach this page” this is in the target machine, also I tried going to Facebook.com through the local google domain (google.ie) and in the search bar it says “Facebook.com” not Facebook.corn. last but not least I just started the course and it was the first few lectures I’ve seen about cybersecurity and hacking so I would appreciate it if you told me what should I look for in the packets of bettercap
