Bettercap : MITM Framework for Penetration Testers
Man in the Middle attacks are very common while penetration testing and opens path for a variety of other network based attacks namely Password Sniffing , SSL strip and lots of more . Well we have a new framework for MITM Testing called BETTERCAP . Easy to integrate in Ubuntu or Kali (or whatever you use as your penetration testing Linux Distro) Bettercap comes with a lot of Extensible features. This is a Tutorial on the capabilities of Bettercap and How to effectively use Bettercap .
What is Bettercap?
BetterCAP is a powerful MITM Framework, open-source tool to perform various types of Man-In-The-Middle attacks against the network, manipulate HTTP and HTTPS traffic in realtime and much more. There are a lot of Extensible Features in Bettercap most important of which are listed here :
Some of the main features include:
- Full and half duplex ARP spoofing.
- The first real ICMP DoubleDirect spoofing implementation.
- Configurable DNS spoofing.
- Realtime and completely automatized host discovery.
- Realtime credentials harvesting for protocols such as HTTP(S) POSTed data, Basic and Digest Authentications, FTP, IRC, POP, IMAP, SMTP, NTLM ( HTTP, SMB, LDAP, etc ) and more.
- Fully customizable network sniffer.
- Modular HTTP and HTTPS transparent proxies with support for user plugins + builtin plugins to inject custom HTML code, JS or CSS files and URLs.
- Builtin HTTP server.
- MITM Framework
Why don’t I simply use ettercap instead?
- Ettercap filters do not work most of the times, are outdated and hard to implement due to the specific language they’re implemented in.
- Ettercap is freaking unstable on big networks … try to launch the host discovery on a bigger network rather than the usual /24 ;)
- Unless you’re a C/C++ developer, you can’t easily extend ettercap or make your own module.
- Ettercap’s ICMP spoofing is completely useless.
- Ettercap does not provide a builtin and modular HTTP(S) transparent proxy.
- Ettercap does not provide a smart and fully customizable credentials sniffer.
Here is the official Documentation link to Bettercap – https://bettercap.org/docs/
Before we get to installing the actual bettercap package, we’re going to want to resolve all of the dependencies using aptitude. the following dependencies are required in order to run bettercap:
sudo apt-get install build-essential ruby-dev libpcap-dev
Once your dependencies have finished downloading and installing, let’s install bettercap using the ruby package manager.
sudo gem install bettercap
This is all you need to get started with the Bettercap MITM Framework toolkit .
A simple Credential stealing attack can be done using the following command :
sudo bettercap -X --custom-parser "password" -T 192.168.100.101
The -X parameter is what enables the sniffer, while the –custom-parser parameter allows the user to pass an argument to match a specific regular expression within the captured packets. this is what makes Bettercap’s sniffer so useful.
-T option is for the Target .
#Purely for educational purposes . Penetration testing without Authorization is Illegal .