What is Bettercap?

Bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack. It is created by Simone Margaritelli.

How It is better than Ettercap.

The author of Bettercap claims it's better than Ettercap,a popular MITM tool, for the following reasons.
  • Ettercap was a great tool, but it made its time.
  • We've found ettercap filters to simple not work in many cases as they are outdated and also haven't been maintained as there aren't as many low-level C programmers interested in maintaining it.
  • ettercap is freaking unstable on big networks ... If you've tried to use ettercap's host discovery feature on any large network you'll see it simply can't scale well.
  • yeah you can see connections and raw pcap stuff, nice toy, but as a professional researcher, I want to see only relevant stuff.
  • unless you're a C/C++ developer, you can't easily extend ettercap or make your own module.


Stable Release ( GEM )

gem install bettercap

Development Release

git clone https://github.com/evilsocket/bettercap
cd bettercap
gem build bettercap.gemspec
sudo gem install bettercap*.gem



All dependencies will be automatically installed through the GEM system, in some case you might need to install some system dependency in order to make everything work:
sudo apt-get install ruby-dev libpcap-devHow is it possible?

Features of Bettercap.

Dynamic Host Discovery + ARP Spoofing

You can target the whole network or a single known address. The ARP spoofing capabilities and multiple hosts discovery agents will make rest of the work easier.

Credentials Sniffer.

It has got a built-in credentials sniffer which can gather from the network the following information:
  • URLs being visited.
  • HTTPS host being visited.
  • HTTP POSTed data.
  • HTTP Basic and Digest authentication.
  • FTP credentials.
  • IRC credentials.
  • POP, IMAP and SMTP credentials.
  • NTLMv1/v2 ( HTTP, SMB, LDAP, etc ) credentials.

Modular Transparent Proxy

You can start a modular transparent proxy with the --proxy argument, by default it will be logging HTTP requests. By specifying a --proxy-module argument custom modules can be loaded to manipulate HTTP traffic. Example modules can be found in the dedicated repository.

Built in HTTP Server

A built-in HTTP server comes with bettercap, allowing you to serve custom contents from your own machine without installing and configuring other softwares such as Apache, nginx or lighttpd. Bettercap allows custom JavaScript files to be used on the network. Thus custom script or image can be injected into HTTP responses using a transparent proxy module. Sounds Great? Go ahead and try this tool.

Installation guide => http://www.bettercap.org/install/
Features and How to use => http://www.bettercap.org/features/

Post a Comment