In the previous article, I showed you some basic about bettercap how to use is and its commands but if haven’t checked it then first read that one then check this, This time I will show you how to use the bettercap to capture the https traffic and how DNS spoofing work in bettercap.
Most of the website use https which is the secure version of the HTTP protocol which uses SSL or TLS security to encrypt the data. To bypass the https bettercap downgrade the https request to HTTP which mean if the victim is trying to visit the https website we will force the browser to show him/her HTTP website instead of https, to do that first we have to do arp spoofing, network sniff all the command which we used in the previous article after that we have to set the https setting to follow the command below.
This will let you capture the https traffic but as you may already know about hsts security which it currently cannot be bypassed, for those who are not familiar with hsts, it is a type of security which doesn’t allow the browser to show https website in Http in our current attack we are downgrading https site to HTTP but if hsts security is enable you can’t do this with those websites like facebook, twitter etc. bettercap https bypass can be buggy or won’t work sometime if you got any error you can restart the program or check their GitHub.
DNS spoofing will allow us to redirect the victim to another website if the victim visits the particular website it will redirect him to our website which could be a phishing page or any other malicious page, for this I am using my local kali Linux server to redirect the user, which will be used to show our victim face site which is hosted on my local site. once again DNS spoofing won’t work against all the website ad can be buggy. To run this attack make sure you clean the cache and history from your browser. and follow the command.
set dns.spoof.address 192.168.0.111
set dns.spoof.all true
set dns.spoof.domains xyz.com
Read: What is DNS SPOOFING
the first command will show you the help options for DNS spoofing. the second command to set the IP address where your victim will be redirected could be your local server or anything. third command true will allow the user to surf the other site normally without trouble. and the domain which will redirect the victim when he visits it.