For more free cybersecurity training: www.infosecinstitute.com/cyberwork-resources/?

Excellent walkthrough. For those who say it doesn't work, yes, a few modifications might be needed based on recent updates, but that's always the deal. Thanks, Infosec!

no wireshark no bettercap. It's a way of showing alternative and better ways to do mitm. So sorry that I see this video too late from release date. Fascinating content btw.

Precisely explained. Thanks a ton for this walk-through.

I don't know why but this gentleman look so innocent to me.. It is hard to believe what he can do if we connect to same wifi😂

in real life it's much more difficult since u will need to know ur victim browser user agent to look for a vulnerability in the v8 engine if the web browser is chrome after that u have to bypass hsts which is also quite difficult only an APT will have tis capabilities in this modern era . Great video :)

I wish you'd have gone deeper. I'm in a cyber security class and this definetely came in handy.

Excellent video man, im bored renewing my cyber security knowledge and slowly learning the linux code as i was brought up on windows 👍

Great job! Brilliant walkthrough! Love your channel, keep up the good work!

not to sound weird but its cool to find a brotha to teach me this..subscribe

Amazing work

Wouaahh, infosec , happy to found your -c

He did that with ease.

Which OS do you use, is it kali linux or any other OS for hacking ?

What program or Virtual machine are you using? I'm starting to study IT&Networking but i don't recall that interface? Is it in Ubuntu or Linux? can you give me the specifics?

How can you build an identical website because I really want to do what Kitboga does and create a fake bank account from my machine. In one of his videos he did say he does a man in the middle attack on himself.

excelente video bro!!!

sir,how to detect the man in the middle attack...?any tools..?

This dude just made Chuck Norris cry, nice to see someone that knows their stuff. Now I have a few things I would like for you to look at lol. Just kidding. An NO, I am not gonna open ANY response you send back, I like my machine lol

Thank you for the video! Can you explain how configuring HSTS header would prevent this? I saw that facebook site has a HSTS header, does this mean that HSTS header doesnt help?

great video

Very informative great vid !

I don't understand what happened at the end. What does it mean for the attacker to get a session? What does dropping what into a shell, mean?

very nice thank you

So if someone pings Facebook, it'll return your devices up address if I'm understanding correctly. If this is the case, how might you hide the IP? Use a VPN and it'll redirect to that address if you've used it through the whole process?

Excellent top kek

Didn't work. The general arp poison worked fine, but when trying to use driftnet - no images on HTTP or HTTPS sites. When doing dnsspoof, it pinged to a IPv6 address, not like in your demo, IPv4, none the less, it didn't match attacker IP addresses, even though i forced kali to use IPv4 and Windows VM on IPv4. I think there is a conf file for dnsspoof and wondering if default settings to be changed, or in the ip_forwarding (also a conf file) maybe you can share entire setup behind the commands? Informative - but didn't work. Going back to bettercap :)

What's that root@bt

How can I get android or iOS app https request with parameters.

Wasn't this before facebook for example implemented HSTS?

what tool you using in social attack?

yeah casual victims dont use explore lol