
I am trying to perform a MITM attack using bettercap against a website that doesn't have the HSTS security policy implemented at all.

When I try the following command: `bettercap -T AddressIpoftheTarget -X --proxy --https-proxy`, it works fine. Bettercap succeeds in injecting its own self-signed certificate into the web browser. The browser shows the "Not Secure" warning and lets me accept the invalid certificate by proceeding to the website in an insecure way.

When I try this command: `bettercap -T AddressIpoftheTarget -X --https-proxy`, it doesn't work. I don't understand why the `--proxy` is needed. Is it because it enables sslstrip? How does sslstrip contribute to all of this in this scenario?

user241274

1 Answer


You are correct; the `--proxy` argument enables sslstrip. The sslstrip module in Bettercap rewrites any `https://` links (and also, I think, by default adds an extra character to the hostname to defeat the HSTS policy if it is enabled). As to why the `--proxy` switch is needed: if there is no HSTS, then the initial page will be served over HTTP.
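As an added illustration (not part of the original answer) of why the missing HSTS policy is what makes the scenario in the question possible: a small Python checker, run here on constructed response headers rather than any real site, that parses a `Strict-Transport-Security` header per RFC 6797 and classifies whether a browser that has already seen that response will still follow plain `http://` links, which is exactly what link rewriting by an HTTPS-stripping proxy relies on.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = {
    "no_hsts": {"Content-Type": "text/html"},
    "cleared": {"Strict-Transport-Security": "max-age=0"},
    "short": {"Strict-Transport-Security": "max-age=300"},
    "strong": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"},
}

def parse_hsts(headers: Dict[str, str]) -> Optional[dict]:
    """Parse a Strict-Transport-Security header (RFC 6797); None if absent."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return None
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            # max-age must be a non-negative integer, optionally quoted
            m = re.fullmatch(r'"?(\d+)"?', arg.strip())
            if m:
                policy["max_age"] = int(m.group(1))
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def stripping_exposure(headers: Dict[str, str]) -> Tuple[str, str]:
    """Classify how a browser that has seen this response treats later plain
    http:// links to the host: 'exposed' means it follows them unchanged."""
    policy = parse_hsts(headers)
    if policy is None:
        return "exposed", "no HSTS header: http:// links are followed as-is"
    if policy["max_age"] is None:
        return "exposed", "HSTS without a valid max-age is ignored by browsers"
    if policy["max_age"] == 0:
        return "exposed", "max-age=0 removes any cached HSTS policy"
    if policy["max_age"] < 31536000:
        return "weak", f"policy lapses after {policy['max_age']}s; stripping is possible again once it expires"
    return "protected", "browser upgrades http:// to https:// for the cached policy lifetime"

if __name__ == "__main__":
    for label, hdrs in SAMPLE_HEADERS.items():
        print(f"{label:8} -> {stripping_exposure(hdrs)}")
```

Note that even a strong header only covers visitors who have already received it over HTTPS; a first-ever visit still starts over HTTP unless the host is on the browser's HSTS preload list.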