HTTP + TLS (Transport Layer Security) / SSL (Secure Socket Layer)
Downgrade HTTPS to HTTP to be able to read the data (SSL Stripping)

SSL Stripping

The caplet that BetterCap ships for SSL stripping is buggy; use the following modified module instead.
Zip file: hstshijack.zip - Google Drive
Location of caplets: /usr/share/bettercap/caplet

bettercap -iface <interface> -caplet <sniff-data-cap-file>

Add "set net.sniff.local true" to the cap file so that BetterCap also captures packets it considers local. This is required because, when the HTTPS bypass caplet is in use, the data appears to originate from our own device.

caplets.show
hstshijack/hstshijack # Run HSTS Caplet

Downgrading HSTS

The modified HTTPS bypass caplet is required to perform this attack.
In the "hstshijack.cap" file, replace the targets and replacements values with the required websites.
The value of "dns.spoof.domains" must be exactly the same as the replacements line.
Add "set net.sniff.local true" to the cap file.

bettercap -iface <interface> -caplet <sniff-data-cap-file>
# Run HSTS Caplet
hstshijack/hstshijack 

The bypass only works if the user loads the HSTS website link from an HTTP/HTTPS web page.
If the HSTS caplet gives a TCP error, use BetterCap v2.23.
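
From the defending side, how much of the downgrade described above a browser will refuse depends on the Strict-Transport-Security header the site sends. The following is an added example, not part of the original notes or of BetterCap: it parses a header value per RFC 6797 and lists the weaknesses. The function names and the sample header strings in the comments and tests are constructed for illustration.

```python
# Added example: audit a Strict-Transport-Security header value (RFC 6797).
# Function names are illustrative; inputs are header strings you supply.

PRELOAD_MIN_AGE = 31536000  # one year, the minimum the browser preload list accepts


def parse_hsts(value):
    """Return {'max_age', 'include_subdomains', 'preload'}, or None if invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:                     # a repeated directive invalidates the header
            return None
        seen[name] = arg.strip().strip('"')  # max-age may be sent as a quoted string
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):  # max-age is required and must be digits
        return None
    return {
        "max_age": int(age),
        "include_subdomains": "includesubdomains" in seen,
        "preload": "preload" in seen,
    }


def audit_hsts(value):
    """List the weaknesses that leave a host open to an HTTP downgrade."""
    if value is None:
        return ["no HSTS header: browser will accept plain HTTP"]
    policy = parse_hsts(value)
    if policy is None:
        return ["invalid header: browser ignores it"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 removes any cached policy")
    elif policy["max_age"] < PRELOAD_MIN_AGE:
        findings.append("max-age under one year")
    if not policy["include_subdomains"]:
        findings.append("subdomains not covered")
    if not policy["preload"]:
        findings.append("not preload-eligible: first visit is unprotected")
    return findings
```

An empty list from audit_hsts means the header meets the preload list's requirements; pass None when the response carried no such header.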