What is Bettercap?
Bettercap is a powerful tool to perform various types of Man-In-The-Middle (MITM) attacks against the network, manipulate HTTP and HTTPS traffic in realtime and much more.
Some of the main features include:
- Full and half duplex ARP spoofing.
- The first real ICMP DoubleDirect spoofing implementation.
- Configurable DNS spoofing.
- Realtime and completely automatized host discovery.
- Realtime credentials harvesting for protocols such as HTTP(S) POSTed data, Basic and Digest Authentications, FTP, IRC, POP, IMAP, SMTP, NTLM ( HTTP, SMB, LDAP, etc ) and more.
- Fully customizable network sniffer.
- Modular HTTP and HTTPS transparent proxies with support for user plugins + builtin plugins to inject custom HTML code, JS or CSS files and URLs.
- Builtin HTTP server.
And much more! – Bettercap website
To cut it short this tool can sniff visited passwords and websites,spoof,sslstrip over wifi networks. Bettercap is not installed in Kali so you need to install one by typing:
- gem install bettercap then press enter
After installing type:
- bettercap -h it will give you the commands available for the tool like below
The next part is choosing your victim’s mac address by using nmap or airodump. There’s a lot of tools to find the connected devices and after choosing your victim let’s move on sniffing part!
- bettercap -X -L -T (mac address…)
While you have the option in choosing your victims one by one you can also sniff all the devices connected to the network with the next command.
- bettercap -X -L
There’s more useful commands with bettercap available, it depends on what you want to capture, you can even specify the parsers to use. Endless possibilities!