What is bettercap?

Bettercap is a better version of Ettercap. The intention was to create a new tool that worked the same, but better.

But what is it, really? It has two objectives: first, it is a tool for sniffing traffic, and second, it is a tool for carrying out man in the middle attacks (so that you can sniff the traffic of your network neighbors).

Like Ettercap, Bettercap has several nice features:

• half and full duplex ARP spoofing
• ICMP/DNS/NDP spoofing
• Host discovery
• Credentials harvesting for multiple protocols (POST, HTTPS, FTP, IRC, POP, SMTP, etc)
• Customizable sniffer
• Modular HTTP/HTTPS proxies to allow for injection of custom HTML, JS, CSS code or urls
• SSLStripping with HSTS bypass

Links

Basics: http://www.darknet.org.uk/2016/03/bettercap-modular-portable-mitm-framework/

Bettercap tutorial: https://danielmiessler.com/study/bettercap/

Flags

monkey in the middle attacks in which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker. MITM Wireless Attacks: MITM/Wireless Wired Attacks: MITM/Wired Layer 1 and 2 MITM Attacks: MITM/Layer 1 and 2 Network Tap: MITM/Wired/Network Tap Evil Twin Attack: Evil Twin  · MITM/Evil Twin Layer 3 and 4 MITM Attacks: MITM/Layer 3 and 4 Traffic Sniffing: MITM/Sniffing ARP Poisoning: MITM/ARP Poisoning Traffic Injection/Modification: MITM/Traffic Injection DNS Attacks: MITM/DNS  · Bettercap/Failed DNS Spoofing Attack  · Bettercap/Failed DNS Spoofing Attack 2 DHCP Attacks: MITM/DHCP WPAD MITM Attack: MITM/WPAD Port Stealing: MITM/Port Stealing Rushing Attack: MITM/Rushing Attack Attacking HTTPS: MITM/HTTPS Layer 5 MITM Attacks: Session Hijacking: MITM/Session Hijacking Toolz: Ettercap  · Bettercap  · MITMf  · EvilFOCA Wireshark  · Aircrack Dsniff  · Arpspoof  · Dnsspoof SSLSniff  · SSLStrip  · Frankencert Driftnet  · Karma MITM Labs: {{MITMLabs}} Category:MITM  · Category:Attacks  · Category:Kali Attack Layers Template:MITMLabs  · Template:MITMFlag Flags  · Template:MITMFlag  · e