A man-in-the-middle (MiTM) is an attack in which the attacker eavesdrops on the communication between two targets. The attacker put him/herself between two parties who believe they are communicating directly with each other.
Bettercap Tool
This tool is used for many different purposes such as breaking passwords within the network and managing attacks within the network. Bettercap has multiple modules.
Let’s talk about a few modules.
arp.spoof This module keeps spoofing selected targets on the network using crafted ARP packets to perform a MITM attack.
arp.ban It disconnects different devices on the wireless from the internet. It works easily on wireless because It is hard to disconnect the person who connects to the internet via a wired network.
net.probe It is used to monitor the IP addresses of the devices on the same network.
net.show It is included inside the net.recon module. It shows all the devices connected to the same network and their IP addresses, MAC addresses, names, etc.
net.sniff This module is used to capture and monitor data packets that are passed through the network. It “sniffs” network traffic for information (where it’s coming from, which device, the protocol used, etc.).
We can get information about any module typing help. (For instance arp.spoof)
Some settings are default and sometimes we need to make a change. In this situation, we use set command to change settings in parameters.
For example, before running arp.spoof module we have to set arp.spoof.fullduplex from false to true In order to attack both the targets and the gateway.
Now, I’m gonna talk about How to attack (MitM) using Bettercap.
After setting the target, we run arp.spoof on and net.sniff on in order to start arp spoofer and the network sniffer.
We see that it started to sniff the network traffic and catch the packets. I searched Google and I see it here. I searched another website (unicornitems.com) and I see it too.
I see all applications which send packets, not just the websites I search for. For instance, during the sniffing, Whatsapp application is open on the target’s computer and I can also see it here.
If the target enters unsecured sites like http, you can get all the data of the target even the passwords.
