Bettercap: Bypass https

Created on 13 Jun 2018  路  1Comment  路  Source: bettercap/bettercap

Hello , i am using Kali linux 2018.2 and the latest version of bettercap!

How can i configure the Bettercap so i can bypass ssl and hsts?

now i have done this configuration :

bettercap -iface wlan0, then i turned on arp.spoof on ...

then i turn on https.proxy on and https.proxy.sslstrip true

then give the target arp.spoof.target 192.168.1.64 ...

and the bettercap gives me an errors :

Client does not support SNI.
Error reading SNI: record overflow.

what o am doing wrong?

Most helpful comment

If you could just choose to bypass SSL then I don't see a need for its existence.

What you can do is wait for a user to visit a site without SSL to sniff that data and/or lure them into clicking on a sslstripped link. You can use the built-in sslstrip module or you can use this caplet to sslstrip and also spoof domain names.

I suggest you do some reading on SSL and HSTS before you plan to attack these protocols.

>All comments

If you could just choose to bypass SSL then I don't see a need for its existence.

What you can do is wait for a user to visit a site without SSL to sniff that data and/or lure them into clicking on a sslstripped link. You can use the built-in sslstrip module or you can use this caplet to sslstrip and also spoof domain names.

I suggest you do some reading on SSL and HSTS before you plan to attack these protocols.

Was this page helpful?
0 / 5 - 0 ratings