Bettercap – swiss army knife for network attacks and monitoring

Man in the middle attack is the first thing that attacker will try when he want to have users data. this include login credentials such as username and password , running services by the user, emails that may contain valuable information or just to perform DNS spoofing to redirect user to some malicious system. There are many tools to make MITM attack including  bettercap.

Bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack.

bettercap - swiss army knife for network attacks and monitoring

bettercap – swiss army knife for network attacks and monitoring

The new release 2.9 include the following features:

  • new boolean flag to enable or disable endpoints metainfo rendering
  • using wireshark manufacturers file instead of oui.dat (closes #303)
  • now accepts an IP address parameter which, if present, will be the only endpoint listed in the table
  • WSD discovery agent for net.probe
  • UPNP discovery agent for net.probe
  • NBNS discovery agent for net.probe
  • MDNS discovery agent for net.probe
  • new boolean parameters to selectively enable or disable specific probe agents
  • net.probe on uses both NBNS and MDNS queries to fetch endpoints metadata and hostnames
  • net.sniff now also reports mDNS queries
  • systemd service file for bettercap as a system server
  • disabling authentication if username or password are empty
  • asking confirmation when the session is closed with CTRL+C / SIGINT (closes #319)

You can read more and download latest version over here:

Notify of
Inline Feedbacks
View all comments