bettercap v2.7 releases: Swiss army knife for network attacks and monitoring
bettercap is the Swiss army knife for network attacks and monitoring.
Bettercap v2.7 released.
Changelog
New Features
wifi.deauth
now accepts a broadcast bssid, in which case it’ll start deauthing every client from every access point- variables are now accessible from every command with
{env.varname}
(closes #276) - implemented
JSResponse.ClearBody
API (closes #272) - new
make install
rule - adding search for caplets into autocomplete (only /caplets/ will be searched recursively)
Fixes
- fixed
wifi.ap
functionality (broken in 0de6f3a) - fix for domains localhost.* and 127.0.0.1.*
- misc fixes here and there
Misc
- added several unit tests
Download
Docker
In this repository, BetterCAP is containerized using Alpine Linux – a security-oriented, lightweight Linux distribution based on musl libc and busybox. The resulting Docker image is relatively small and easy to manage the dependencies.
To pull latest BetterCAP version of the image:
$ docker pull evilsocket/bettercap-ng
To run:
$ docker run -it --privileged --net=host evilsocket/bettercap-ng -h
Compiling
Make sure you have a correctly configured Go >= 1.8 environments, that $GOPATH/bin is in $PATH and the libpcap-dev package installed on your system, then:
$ go get github.com/evilsocket/bettercap-ng
To show the command line options:
Caplets
Interactive sessions can be scripted with .cap files, or caplets, the following are a few basic examples, look the caplets folder for more.
caplets/simple-password-sniffer.cap
Simple password sniffer.
caplets/mitm6.cap
Reroute DNS requests by using DHCPv6 replies, start an HTTP server and DNS spoofer for microsoft.com and google.com.
caplets/rest-api.cap
Start a rest API.
Get information about the current session:
curl -k –user bpcap:bcap https://bettercap-ip:8083/api/session
Execute a command in the current interactive session:
curl -k –user bcap:bcap https://bettercap-ip:8083/api/session -H “Content-Type: application/json” -X POST -d ‘{“cmd”:”net.probe on”}’
Get last 50 events:
curl -k –user bpcap:bcap https://bettercap-ip:8083/api/events?n=50
Clear events:
curl -k –user bpcap:bcap -X DELETE https://bettercap-ip:8083/api/events
caplets/fb-phish.cap
This caplet will create a fake Facebook login page on port 80, intercept login attempts using the http.proxy, print credentials and redirect the target to the real Facebook.
Make sure to create the folder first:
The caplets/fb-phish.js proxy script file:
caplets/beef-inject.cap
Use a proxy script to inject a BEEF javascript hook:
The caplets/beef.inject.js proxy script file:
Interactive Mode
Interactive mode allows you to start and stop modules manually on the fly, change options and apply new firewall rules on the fly, to show the help menu type help, you can have module specific help by using help module-name.
Copyright (C) 2018 Simone Margaritelli
Source: https://github.com/evilsocket/