SSLSTRIP attacks with Bettercap and MITMF - more info about HSTS and Web browsers

I've decided to make a follow-up video on SSLSTRIP and man-in-the-middle attacks, in order to clarify and emphasize a few things around HSTS and Web browsers.
The client Web browser version is sometimes overlooked when discussing the overall HSTS protection.
In this video we use Bettercap and different client Web browsers to simulate man-in-the-middle attacks against websites that are correctly configured for HSTS. We will see that the attack succeeds or fails depending on the Web browser version and its capabilities.

See below a list of browsers with HSTS capabilities (reference: Wikipedia - HTTP_Strict_Transport_Security):
- Chromium and Google Chrome since version
- Firefox since version 4; with Firefox 17, Mozilla integrates a list of websites supporting HSTS.
- Opera since version 12
- Safari as of OS X Mavericks
- Internet Explorer 11 on Windows 8.1 and Windows 7 when KB 3058515 is installed
- Microsoft Edge and Internet Explorer 11 on Windows 10
- BlackBerry 10 Browser and WebView since BlackBerry OS 10.3.3.
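As an added illustration (not code from the video, Bettercap or MITMF), the following Python model shows why an HSTS-capable browser defeats the attack: it parses the Strict-Transport-Security header as RFC 6797 describes and keeps the known-hosts store that rewrites http:// to https:// before any request leaves the client. Host names, header values and timestamps are constructed for the example.

```python
from urllib.parse import urlsplit, urlunsplit

def parse_hsts(header):
    """Parse a Strict-Transport-Security value; None if max-age is missing or malformed."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header.split(";"):
        name, _, value = directive.strip().lower().partition("=")
        if name.strip() == "max-age":
            value = value.strip().strip('"')
            if not value.isdigit():
                return None                 # browsers ignore a malformed header
            policy["max_age"] = int(value)
        elif name.strip() == "includesubdomains":
            policy["include_subdomains"] = True
        elif name.strip() == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None

class HstsStore:
    """Known-HSTS-hosts store of an HSTS-capable browser; 'now' is a unix timestamp."""
    def __init__(self, preload=()):
        self.entries = {}                   # host -> (expiry, include_subdomains)
        for host in preload:                # built-in preload list: covers the first visit
            self.entries[host] = (float("inf"), True)

    def remember(self, host, header, now):
        # Policy learned from a response received over HTTPS; max-age=0 evicts the host.
        policy = parse_hsts(header)
        if policy and policy["max_age"] == 0:
            self.entries.pop(host, None)
        elif policy:
            self.entries[host] = (now + policy["max_age"], policy["include_subdomains"])

    def is_known(self, host, now):
        # Exact host match, or an unexpired superdomain entry flagged includeSubDomains.
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def navigate(self, url, now):
        # URL the browser actually sends: http:// becomes https:// inside the client,
        # so a man-in-the-middle on the network never sees a plain-HTTP request.
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname, now):
            return urlunsplit(("https",) + parts[1:])
        return url
```

A browser without HSTS support has no such store, so its http:// navigations always go out in plain text; even an HSTS-capable browser is unprotected on the very first visit unless the site is on the preload list.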


In the second part of this video we quickly review another tool that can be used for SSLSTRIP attacks: MITMF (Man-In-The-Middle Framework). We compare MITMF with Bettercap and look at a scenario where the two tools produce different outcomes.

MITMF Installation

MITMF is not installed by default on Kali Linux. To install MITMF on Kali Linux, perform the following steps:
- Update the Kali repositories: apt-get update
- Install MITMF: apt-get install mitmf

Installing MITMF on Kali Linux

MITMF command-line options

Run mitmf -h to display the command-line options.


The following MITMF command was used to perform the man-in-the-middle SSLSTRIP attack:

mitmf -i eth0 --hsts --spoof --arp --dns --gateway --targets

-i eth0      specifies the interface to listen on (eth0 in our case; use the ifconfig command to list the interfaces)
--hsts       loads and enables the SSLSTRIP module (SSLstrip+)
--spoof      loads the Spoof module to redirect and modify the traffic
--arp        redirects the traffic using ARP spoofing
--dns        proxies and modifies the DNS queries
--gateway    specifies the gateway IP
--targets    specifies the host(s) to attack
