I have the latest version of bettercap. I have the latest version of Kali Linux using the latest version of VirtualBox on the latest version of Windows 10. My target machine is the latest version of Windows 10 with Chrome version 70.0.3538.110. I have all the extensions removed. I will first start by going over what I think I know and troubleshooting I have done. Bettercap appears to be functioning in the sense that it can grab passwords from normal HTTP websites but not HTTPS websites.
What I THINK I know.
- SSLStrip will NOT convert an HTTPS connection to an HTTP
- SSLStrip WILL, however, rewrite HTTPS URLs to HTTP.
- SSLStrip will not work on anything that has HSTS preloaded
- SSLStrip will only work against non-preloaded HSTS websites if and only if the user is visiting it for the "first" time.
- SSLStrip will work against TLS and SSL if HSTS is not used
- If HSTS is not implemented, A victim doesn't need to do anything specific or be tricked into installing any certs.
What I Want To Do
- Monitor the victim's computer's traffic
- Verify that weibo is vulnerable (it is https://hstspreload.org/?domain=weibo.com )
- Get the victim user to go to
http://mediaroom.scholastic.com/socialmedia
, scroll to the bottom and click the link to the Weibo website. - Receive an HTTP version of weibo.com
- Alternatively, I would accept clicking a Facebook link and receiving a "Connection is not private" alert. This is also acceptable.
What I have done
Cleared my victim's chrome cache and deleted the domain security policies for weibo.com
Restarted Chrome
used a typical install method
apt-get install bettercap
I have been following this website
I have used these commands once I activate bettercap
set http.proxy.sslstrip true
set net.sniff.verbose false
set arp.spoof.targets 192.168.1.3
arp.spoof on
http.proxy on
net.sniff on
What IS working
- Can successfully redirect victim traffic to the attacking device
- Can successfully grab headers
- Can successfully display the password when I enter it in non-HTTP websites
- When the victim navigates from
mediaroom.scholastic.com
toweibo.com
, the weibo.com link is correctly converted to http in html. Woohoo, progress!!
What is NOT working
- When I actually click the link I still get the HTTPS version.
So, I still feel like I'm missing something essential. This sounds too straightforward of a process to fail. So what is it? What am I missing?
Note for mods. The original link is here. I updated this one with the corrections made by the one answer.