Man-In-The-Middle Network Tools

Bettercap v2.0 – The State Of The Art Network Attack And Monitoring Framework

bettercap is the Swiss army knife for network attacks and monitoring.

How to Install
A precompiled version is available for each release, alternatively you can use the latest version of the source code from this repository in order to build your own binary.
Make sure you have a correctly configured Go >= 1.8 environment, that $GOPATH/bin is in $PATH and the libpcap-dev package installed for your system, then:

$ go get github.com/bettercap/bettercap

This command will download bettercap, install its dependencies, compile it and move the bettercap executable to $GOPATH/bin.
Now you can use sudo bettercap -h to show the basic command line options and just sudo bettercap to start an interactive session on your default network interface, otherwise you can load a caplet from the dedicated repository.

Update
In order to update to an unstable but bleeding edge release from this repository, run the command below:

$ go get -u github.com/bettercap/bettercap

Interactive Mode

The basic command line arguments ( bettercap -h ) are:

argumentdescription
-caplet FILENAMERead commands from this file and execute them in the interactive session.
-eval COMMANDSRun one or more commands separated by ; in the interactive session, used to set variables via command line.
-iface INTERFACENetwork interface to bind to, if empty the default interface will be auto selected (accepts interface name, ip or mac address).
-no-historyDisable the interactive session history file ~/.bettercap.history.
-env-file FILENAMELoad environment variables from this file if found, set to empty to disable environment persistance. (default ~/bettercap.env)
-cpu-profile FILENAMEWrite cpu profile file (used for debugging and benchmarking).
-mem-profile FILENAMEWrite memory profile to file (used for debugging and benchmarking).
-silentSuppress all logs which are not errors.
-debugEnable debug messages.

If no -caplet option is specified, bettercap will start in interactive mode, allowing you to start and stop modules manually, change options and apply new firewall rules on the fly.
To get a grasp of what you can do, type help and the general help menu will be shown, you can also have module specific help by using help module-name (for instance try with help net.recon), to see which modules are running and their configuration at any time, you can use the active command.
To print all variables and their values instead, you can use get * or get variable-name to get a single variable (try with get gateway.address), to set a new value you can simply set variable-name new-value (a value of "" will clear the variable contents), on a typical session variables look like this.

192.168.1.0/24 > 192.168.1.17  » get *


                        $: '{by}{fw}{cidr} {fb}> {env.iface.ipv4} {reset} {bold}» {reset}'

         api.rest.address: '<interface address>'
     api.rest.certificate: '~/.bcap-api.rest.certificate.pem'
             api.rest.key: '~/.bcap-api.rest.key.pem'
        api.rest.password: ''
            api.rest.port: '8083'
        api.rest.username: ''

        arp.spoof.targets: '<entire subnet>'

      dhcp6.spoof.address: '<interface address>'
      dhcp6.spoof.domains: 'microsoft.com, goole.com, facebook.com, apple.com, twitter.com'

        dns.spoof.address: '<interface address>'
            dns.spoof.all: 'false'
        dns.spoof.domains: '*'

     events.stream.filter: ''

          gateway.address: '192.168.1.1'
              gateway.mac: 'de:ad:be:ef:de:ad'

                http.port: '80'
       http.proxy.address: '<interface address>'
          http.proxy.port: '8080'
        http.proxy.script: ''
      http.server.address: '<interface address>'
         http.server.path: '.'
         http.server.port: '80'

               https.port: '443'
      https.proxy.address: '<interface address>'
  https.proxy.certificate: '~/.bettercap-ca.cert.pem'
          https.proxy.key: '~/.bettercap-ca.key.pem'
         https.proxy.port: '8083'
       https.proxy.script: ''

              iface.index: '6'
               iface.ipv4: '192.168.1.17'
               iface.ipv6: 'fe80::dddd:dddd:ffff:ffff'
                iface.mac: 'de:ad:be:ef:de:ad'
               iface.name: 'enx18ffffffff'

                log.debug: 'false'
               log.silent: 'false'

      mac.changer.address: '<random mac>'
        mac.changer.iface: '<interface name>'

       net.probe.throttle: '10'
         net.sniff.filter: 'not arp'
          net.sniff.local: 'false'
         net.sniff.output: ''
         net.sniff.regexp: ''
         net.sniff.source: ''
        net.sniff.verbose: 'true'

          ticker.commands: 'clear; net.show'
            ticker.period: '1'

       wifi.recon.channel: ''

Basic Commands

commanddescription
help / help MODULEList available commands or show module specific help if no module name is provided.
activeShow information about active modules.
quit / qClose the session and exit.
sleep SECONDSSleep for the given amount of seconds.
get VARIABLEGet the value of VARIABLE, use * for all.
set VARIABLE VALUESet the value of VARIABLE to VALUE.
clearClear the screen .
include CAPLETLoad and run this caplet in the current session.
!COMMANDExecute a shell command and print its output.
alias MAC NAMEAssign an alias to a given endpoint given its MAC address (will be persistent on file and used for the net.show command.

Documentation and Examples
The project is documented in this wiki.

About the author

Icarus

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: