
How to use Bettercap

m5kro
CyberScribers
3 min read · Dec 25, 2022


Bettercap, the successor to Ettercap, is known as the Swiss Army knife for network hacking. It comes with various tools and modules to assist with all your needs.

⚠️Disclaimer⚠️ I’m not responsible for what you do with this information


Some Features

Spoofing:

- ARP
- DNS
- DHCP6
- NDP

Proxies:

- HTTP
- HTTPS
- TCP
- PACKET

The entire list and any explanations can be found on Bettercap’s website here.

Installation

Installing Bettercap is pretty easy on Linux and macOS. On Linux, simply use your package manager to install Bettercap (the package name is usually just bettercap). If Bettercap is not available, you can get it through its GitHub repo here. On macOS, simply use brew to install it. Windows requires precompiled binaries (you can compile it yourself but it’s a pain). Android is also supported with Termux.

Basic Usage

Bettercap comes with three different options for usage. Each has its pros and cons and should be used in combination with each other.

Terminal

Every time Bettercap is started you get a command line interface with it. To use it, type out the module name and any options you want. For example, to turn on ARP spoofing you would type:

arp.spoof on

in the terminal interface. To change variables, type set and the variable name. For instance, to set the ARP spoof targets type:

set arp.spoof.targets [target or target range here]

and you should be set. To find any other options or variables, simply type help, or help followed by the module name, such as:

help arp.spoof

If you need any more help check out Bettercap’s docs here.

Caplets

Think shell scripts but for Bettercap. Caplets are very useful for automation or for performing more complicated attacks. Caplets can be started right with Bettercap by adding the -caplet option, for example:

bettercap -caplet http-ui

would start the http-ui caplet right when Bettercap finishes startup. Caplets can also be started through the command prompt by just typing out the caplet name or full path. Bettercap comes with many premade caplets ready to be used. To update or install the premade caplets, run:

caplets.update

in the Bettercap command prompt. Some distros will have the option to install caplets with the package manager (usually just called bettercap-caplets).

To create a caplet, create a new file with the name of your caplet and use .caplet as the extension. Inside the caplet file, simply type out commands as you would in the terminal interface. Each command should have its own line and comments can be added with the # symbol (pound, hashtag, idc what you call it). Here's an example:

#example caplet that starts arp spoof and arp ban
#set targets
set arp.spoof.targets 192.168.1.0/24
#start arp spoof
arp.spoof on
#start arp ban
arp.ban on
#end of caplet here

HTTP or HTTPS UI

The easiest option of the three. To start, make sure the UI is installed or up to date. If you are unsure, just type out:

ui.update

in the terminal interface or install using the package manager (usually called bettercap-ui). Make sure that the http-ui or https-ui caplet is also installed! If it’s not then just do caplets.update or update through the package manager. To start the UI type:

http-ui

for local use at http://127.0.0.1/ or:

https-ui

for remote use via your local IP. The default UI username is user and the default password is pass. It is highly recommended that you change these! (I don’t think I need to explain why) Most of the UI is self-explanatory but I will say that the search bar under the command bar is very useful, especially for finding targets on a network.
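The default-credential warning above can be checked mechanically before a UI caplet is started. This is an added example, not code from the original article or the Bettercap project: it parses a caplet in the format described under Caplets and reports default UI credentials or a listener that is not bound to loopback. The function names and the sample caplet are constructed for illustration; api.rest.username, api.rest.password, api.rest.address and http.server.address are the settings of Bettercap's REST API and HTTP server modules.

```python
import ipaddress

# Default UI credentials named in the article.
DEFAULT_CREDS = {"api.rest.username": "user", "api.rest.password": "pass"}
BIND_VARS = ("api.rest.address", "http.server.address")

# Constructed sample caplet for this example (not a file shipped with Bettercap).
SAMPLE = """\
# expose the UI to the LAN
set api.rest.address 0.0.0.0
set http.server.address 0.0.0.0
set api.rest.username user
set api.rest.password pass
api.rest on
http.server on
"""

def parse_caplet(text):
    """Return {variable: value} from a caplet's `set` lines; the last `set` wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        parts = line.split(None, 2)  # the value may itself contain spaces
        if len(parts) == 3 and parts[0] == "set":
            settings[parts[1]] = parts[2]
    return settings

def audit_caplet(text):
    """Report default UI credentials and non-loopback listeners."""
    cfg = parse_caplet(text)
    findings = [f"{var} is still the default '{val}'"
                for var, val in DEFAULT_CREDS.items() if cfg.get(var) == val]
    for var in BIND_VARS:
        addr = cfg.get(var)
        if addr is None:
            continue
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False  # not a literal IP: cannot confirm loopback
        if not loopback:
            findings.append(f"{var} = {addr} is not loopback-only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_caplet(SAMPLE)) or "no findings")
```

Run against the constructed sample, it reports both default credentials and both non-loopback bind addresses.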

Extra Notes

Although Bluetooth is an option it largely depends on your system. Compatibility is not guaranteed but Linux is the best choice for it.

Don’t get your hopes up for the HID option. It requires specialized hardware flashed with Bastille’s RFStorm firmware. The hardware is hard to find these days. If you still want to try then use the instructions here.

HTTPS proxy is not very effective unless done right. The target needs to trust the certificate or CA for it to work.

Happy Hacking!~
