I use bettercap2 http proxy and arp spoof to inject one-line js alert into http pages. It works fine, however what about https? I couldn’t find any working method to inject it without the browser’s self-signed warning.
HTTPS allows to import https source scripts only, so I tried apache2 + ngrok for green lock server with my script and it works, but I can’t understand how to dynamically add this script when users connect to sites on a LAN.
Is it possible to inject js into https sites with bettercap https proxy or maybe there is another method?