Bettercap – Swiss Army Knife for Network Recon and MITM

Bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices and Ethernet networks.

Bettercap - Swiss Army Knife for Network Reconnaissance and MITM
Bettercap – Swiss Army Knife for Network Reconnaissance and MITM

Some of the current supported features are:

  • WiFi networks scanning, deauthentication attack, clientless PMKID association attack and automatic WPA/WPA2 client handshakes capture.
  • Bluetooth Low Energy devices scanning, characteristics enumeration, reading and writing. 2.4Ghz wireless devices scanning and MouseJacking attacks with over-the-air HID frames injection (with DuckyScript support).
  • Passive and active IP network hosts probing and recon.
  • ARP, DNS and DHCPv6 spoofers for MITM attacks on IP based networks.
  • Proxies at packet level, TCP level and HTTP/HTTPS application level fully scriptable with easy to implement javascript plugins.
  • A powerful network sniffer for credentials harvesting which can also be used as a network protocol fuzzer.
  • A very fast port scanner.
  • A powerful REST API with support for asynchronous events notification on websocket to orchestrate your attacks easily.
  • A very convenient web UI.

While the first version (up to 1.6.2) of bettercap was implemented in Ruby and only offered basic MITM, sniffing and proxying capabilities, the 2.x is a complete reimplementation using the Go programming language. This ground-up rewrite offered several advantages:

  • bettercap can now be distributed as a single binary with very few dependencies, for basically any OS and any architecture.
  • 1.x proxies, although highly optimized and event based, used to bottleneck the entire network when performing a MITM attack, while the new version adds almost no overhead.

For this reason, any version prior to 2.x is considered deprecated and any type of support has been dropped in favor of the new implementation.

You can read more and download this tool over here: https://github.com/bettercap/bettercap

Share
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments