I am trying to perform a MITM attack using bettercap against a website that doesn’t have the HSTS security policy implemented at all.
When I try the following command:
bettercap -T AddressIpoftheTarget -X --proxy --https-proxy, it works fine. Bettercap succeeds in injecting his own self-signed certificate to the web browser. The browser shows the "Not Secure" warning, and lets me accept the invalid certificate by proceeding to the website in an unsecure way.
When I try this command:
bettercap -T AddressIpoftheTarget -X --https-proxy it doesn’t work. I don’t understand why the
--proxy is needed. Is it because it enables the
sslstrip? How does
sslstrip contribute in all of this during this scenario?