SSLSTRIP attacks with Bettercap and MITMF - more info about HSTS and Web browsers
I've decided to make a follow-up video on SSLSTRIP and man-in-the-middle attacks, in order to clarify and emphasize a few things around HSTS and Web browsers.
The client Web browser version sometimes seems to be overlooked when it comes to the overall HSTS protocol.
In this video we use Bettercap and different client Web browsers to simulate man-in-the-middle attacks against websites that are correctly configured for HSTS. We will see that the attacks could be successful or not, depending on the Web browser version and capabilities.
See below a list of browsers with HSTS capabilities (reference: Wikipedia, HTTP_Strict_Transport_Security):
- Chromium and Google Chrome since version 4.0.211.0
- Firefox since version 4; with Firefox 17, Mozilla integrates a list of websites supporting HSTS.
- Opera since version 12
- Safari as of OS X Mavericks
- Internet Explorer 11 on Windows 8.1 and Windows 7 when KB 3058515 is installed
- Microsoft Edge and Internet Explorer 11 on Windows 10
- BlackBerry 10 Browser and WebView since BlackBerry OS 10.3.3.
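What "correctly configured for HSTS" can be checked against, as an added example that is not code from the original post: a parser for the Strict-Transport-Security header following RFC 6797, plus the one-year max-age, includeSubDomains and preload conditions that hstspreload.org requires for inclusion in browser preload lists. The function names and sample header values are assumptions made for this example.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts

def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns a dict, or None when a browser would ignore the header."""
    seen = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()        # directive names are case-insensitive
        value = value.strip().strip('"')   # the value may be a quoted-string
        if name in seen:                   # a repeated directive invalidates the header
            return None
        seen[name] = value
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                        # max-age is required and must be numeric
    return {
        "max_age": int(seen["max-age"]),
        "include_subdomains": "includesubdomains" in seen,
        "preload": "preload" in seen,
    }

def assess(header_value, received_over_https=True):
    """Return a list of findings; an empty list means a preload-ready policy."""
    if not received_over_https:
        return ["ignored: browsers discard HSTS headers sent over plain HTTP"]
    policy = parse_hsts(header_value)
    if policy is None:
        return ["ignored: malformed header (no max-age or a repeated directive)"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 removes the host from the browser's HSTS store")
    elif policy["max_age"] < PRELOAD_MIN_AGE:
        findings.append("max-age below one year: not eligible for preload lists")
    if not policy["include_subdomains"]:
        findings.append("no includeSubDomains: subdomains are outside the policy")
    if not policy["preload"]:
        findings.append("no preload: the first visit relies on seeing the header")
    return findings

# Constructed sample header: meets all three preload conditions.
print(assess("max-age=63072000; includeSubDomains; preload"))
```

A browser from the list above enforces the policy only after it has received the header over HTTPS once, or when the site ships in its built-in list, which is why the preload findings matter for a first visit.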
MITMF
In the second part of this video we quickly review another tool that could be used for SSLSTRIP attacks: MITMF (Man-In-The-Middle Framework). We compare MITMF with Bettercap and see a scenario where the two tools have different outcomes.
MITMF Installation
MITMF isn't installed by default on Kali Linux. To install it, perform the following steps:
- Update the Kali repositories: apt-get update
- Install MITMF: apt-get install mitmf
[Figure: Installing MITMF on Kali Linux]
MITMF command-line options
Use mitmf -h to display the command-line options.
[Figure: MITMF command-line options]
The following MITMF command was used in order to perform the man-in-the-middle SSLSTRIP attack:
mitmf -i eth0 --hsts --spoof --arp --dns --gateway 192.168.254.2 --targets 192.168.254.70
where:
-i eth0 specifies the interface to listen on (eth0 in our case; use the ifconfig command to list the interfaces)
--hsts loads and enables the SSLSTRIP module
--spoof loads the Spoof module to redirect and modify the traffic
--arp redirects the traffic using ARP spoofing
--dns proxies and modifies the DNS queries
--gateway 192.168.254.2 specifies the gateway IP
--targets 192.168.254.70 specifies the host(s) to attack
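A defender-side check for the ARP spoofing that the --arp option relies on, added here as an example and not part of the original post or of MITMF: it parses `ip neigh show` output on the target host and flags a gateway entry whose MAC differs from a recorded baseline or is shared with another host. The IP addresses are the lab values above; the MAC addresses, the second host 192.168.254.80 and the function names are constructed for this example.

```python
GATEWAY_IP = "192.168.254.2"            # gateway from the lab command above
BASELINE_GW_MAC = "02:00:00:00:00:02"   # constructed: recorded while the LAN was clean

# Constructed `ip neigh show` output as seen on the target host 192.168.254.70.
CLEAN = """\
192.168.254.2 dev eth0 lladdr 02:00:00:00:00:02 REACHABLE
192.168.254.80 dev eth0 lladdr 02:00:00:00:00:80 STALE
"""
POISONED = """\
192.168.254.2 dev eth0 lladdr 02:00:00:00:00:80 REACHABLE
192.168.254.80 dev eth0 lladdr 02:00:00:00:00:80 STALE
192.168.254.99 dev eth0  FAILED
"""

def parse_ip_neigh(text):
    """Return {ip: mac} for entries that carry a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" in fields[:-1]:      # FAILED/INCOMPLETE entries have no lladdr
            table[fields[0]] = fields[fields.index("lladdr") + 1].lower()
    return table

def arp_findings(table, gateway_ip, baseline_mac):
    """Flag the two cache symptoms of a spoofed gateway entry."""
    findings = []
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:                   # gateway not resolved: nothing to compare
        return findings
    if gw_mac != baseline_mac.lower():
        findings.append(("gateway-mac-changed", gw_mac))
    sharing = sorted(ip for ip, mac in table.items()
                     if mac == gw_mac and ip != gateway_ip)
    if sharing:                          # another host answers with the gateway's MAC
        findings.append(("gateway-mac-shared", sharing))
    return findings

for name, sample in (("clean", CLEAN), ("poisoned", POISONED)):
    print(name, arp_findings(parse_ip_neigh(sample), GATEWAY_IP, BASELINE_GW_MAC))
```

A shared MAC can be legitimate (a router holding several addresses, or proxy ARP), so the baseline comparison is the stronger signal. A static ARP entry for the gateway on the host, or Dynamic ARP Inspection on the switch, prevents the cache change in the first place.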