Problem in detecting HTTPS #1097

Open
Onyz107 opened this issue May 1, 2024 · 0 comments

Onyz107 commented May 1, 2024

The built-in sslstripping feature (http.proxy.sslstrip) is not working against HTTPS websites. In this issue I will be using cygwin.com and winzip.com as examples; as we can see, they are not HSTS preloaded: https://hstspreload.org/?domain=cygwin.com https://hstspreload.org/?domain=winzip.com

I am using bettercap v2.32.0 (built for linux amd64 with go1.21.0)

My OS is:

Distributor ID:	Kali
Description:	Kali GNU/Linux Rolling
Release:	2024.1
Codename:	kali-rolling

x86_64

I am using --caplet script.cap as a command line argument

script.cap contains:

net.probe on
set http.proxy.sslstrip true
http.proxy on
set arp.spoof.fullduplex true
set arp.spoof.targets 192.168.0.100
set net.sniff.local true
arp.spoof on
net.sniff on

Full Debug output: https://pastebin.com/qZF21fdY

Steps to Reproduce

  1. Run the script.cap provided above; make sure to change the IP address accordingly
  2. Go into an HTTPS website on the victim machine

Expected behavior:

  1. Successfully ARP spoof the victim
  2. Successfully sniff data from http websites
  3. Successfully downgrade HTTPS into HTTP
  4. When downgraded successfully sniff data from HTTPS websites

Actual behavior:

  1. Successfully ARP spoofed the victim
  2. Successfully sniffed data from http websites
  3. Couldn't downgrade HTTPS into HTTP
  4. Since I could not downgrade HTTPS I was not able to sniff any data from HTTPS websites

--

Now, as a final note, I want to add my own interpretation of this: generally, when bettercap detects HTTPS websites while running SSLstrip, it logs something like spoofing the domain or HTTPS detected downgrading etc., but in this instance it is not, so maybe this is a bug where it is not correctly detecting HTTPS pages and therefore not even trying to downgrade them?

BTW, of course I cleared all the web browser cache; I tried both Chrome and Edge, and I also disabled secure DNS on both.
