Hello everyone. I'm new here. I watch the Youtube channel from time to time and I decided to get an account with the forums due to how recent SSL threads were on this board. I'm still a bit new to this. Most of my knowledge comes from a series of tutorials but it's starting to come together. Anyways, Google isn't turning up answers for my concern but then I remember that a lot of the threads I was reading were outdated. To my understanding, SSL strip used to work but the invention of HSTS prevented that. Yet things like "Bettercap and SSLStrip2 should work"-Forum posters: 1 year ago. Keep in mind I do not own a Pineapple. What I do have is two computers hardwired to a Belkin N300 router. One of them is the attacker and the other is the target.
Since a year has past I'm not sure if these techniques still work. I have tried sslstrip2 and bettercap, but each time I try to strip my windows 8.1 target machine, I keep getting the classic 404. It says http:// can not be found so at least I know the attacker is actively TRYING to do it's job. Are these outdated methods that no longer work or am I just doing it wrong? I feel that I can't be THAT far off since I'm getting the same results with both Bettercap and sslstrip2. My target computer is running an older Core 2 Quad and an older motherboard so it might just be too slow. But even then i doubt it since it's not THAT slow. Any suggestions?
If I am doing it wrong, then here is what I am working with
Machine(Attacker) 192.168.2.6
>Windows 10 (Latest)
>Virtual Box Version: 5.1.0r108711 running Kali 2016.1
>Hardwired ethernet to onboard port. set to Bridge mode in virtual box
>Using dns2proxy
>using sslstrip2
Machine(Target) 192.168.2.5
>Windows 8.1
>Logging into my personal Facebook with Internet Explorer
>Logging into my personal Facebook with Google Chrome
>Hardwired ethernet to onboard port.
Router: Belkin N300 192.168.2.1
>Generic setup. Inly change I made was using Google's DNS
Steps Taken for sslstrip2
> wrote 1 to ip_forward. cat'd the file to ensure that it wrote.
>flushed IP tables
>flushed ip tables with -t nat
>redirected TCP traffic from port 80 to 8080
>redirected udp traffic from port 53 to port 53
>Ran iptables -t nat -L PREROUTING TCP and UDP have the source and destination set to "anywhere" so it should work... right?
>Have 5 terminal tabs open.
>One for running dns2proxy.py
>One for running sslstrip with -a
>One for running arpspoof -i eth0 -t 192.168.2.5 192.168.2.1
>One for running arpspoof -i eth0 -t 192.168.2.1 192.168.2.5
>One for tailing the sslstrip.log file
>attempted to log into facebook, gmail, xfinity, and yahoo with IE, chrome and firefox. All of them return 404.
Steps Taken for Bettercap
> wrote 1 to ip_forward. cat'd the file to ensure that it wrote.
>flushed IP tables
>flushed ip tables with -t nat
>redirected TCP traffic from port 80 to 8080
>ran Bettercap. Same results as when I was running sslstrip2