BetterCap is an attempt to create a complete, modular, portable and easily extensible MITM framework with every feature that could be needed while performing a man-in-the-middle attack.
It is currently able to sniff and print the following information from the network:
- URLs being visited.
- HTTPS host being visited.
- HTTP POSTed data.
- FTP credentials.
- IRC credentials.
- POP, IMAP and SMTP credentials.
- NTLMv1/v2 (HTTP, SMB, LDAP, etc.) credentials.
Examples:
Default sniffer mode, all parsers enabled:
sudo ruby bettercap.rb --proxy
Enable proxy and use a custom port:
sudo ruby bettercap.rb --proxy --proxy-port=8081
Enable proxy and load the module example_proxy_module.rb:
sudo ruby bettercap.rb --proxy --proxy-module=example_proxy_module.rb
Disable spoofer and enable proxy (standalone proxy mode):
sudo ruby bettercap.rb -S NONE --proxy
Modules: You can easily implement a module to inject data into pages, or just inspect the requests/responses, by creating a Ruby file and passing it to bettercap with the --proxy-module argument. The following is a sample module that injects some content into the title tag of each HTML page.
```ruby
class HackTitle < Proxy::Module
  def initialize
    # do your initialization stuff here
  end

  # self-explanatory
  def is_enabled?
    return true
  end

  def on_request request, response
    # is it an HTML page?
    if response.content_type == "text/html"
      Logger.info "Hacking http://#{request.host}#{request.url} title tag"
      # make sure to use sub! or gsub! to update the instance
      response.body.sub!( "<title>", "<title> !!! HACKED !!! " )
    end
  end
end
```
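Seen from the receiving side, the sample module changes the bytes of the response body, so a client that holds a digest of the page as the origin served it can detect the change. The following is an added example, not part of BetterCap or the original page; the HTML, the constant names and the helper names are constructed for illustration, and the `<algo>-<base64>` string format is borrowed from Subresource Integrity.

```ruby
require "digest"

# Digest classes accepted in an integrity string, keyed by its prefix.
ALGORITHMS = {
  "sha256" => Digest::SHA256,
  "sha384" => Digest::SHA384,
  "sha512" => Digest::SHA512
}.freeze

# Build "<algo>-<base64 digest>" for a response body.
def integrity_for(body, algo = "sha256")
  klass = ALGORITHMS.fetch(algo) { raise ArgumentError, "unsupported algorithm: #{algo}" }
  "#{algo}-#{[klass.digest(body)].pack('m0')}"
end

# True only if the received body hashes to the expected integrity string.
# Unknown or malformed integrity strings fail closed.
def body_intact?(received_body, expected)
  algo = expected.to_s.split("-", 2).first
  return false unless ALGORITHMS.key?(algo)
  integrity_for(received_body, algo) == expected
end

# Constructed sample page as the origin would serve it.
ORIGIN_BODY = "<html><head><title>Account overview</title></head>" \
              "<body><p>Welcome back.</p></body></html>"

# Digest published by the origin (assumed to reach the client untampered).
EXPECTED = integrity_for(ORIGIN_BODY)

# The same page after the title substitution the sample module performs.
RECEIVED_BODY = ORIGIN_BODY.sub("<title>", "<title> !!! HACKED !!! ")

if __FILE__ == $PROGRAM_NAME
  puts "origin copy intact:   #{body_intact?(ORIGIN_BODY, EXPECTED)}"
  puts "received copy intact: #{body_intact?(RECEIVED_BODY, EXPECTED)}"
end
```

The check only holds if the expected digest reaches the client over a channel the proxy cannot rewrite. Over cleartext HTTP no such channel exists, which is why serving the page over HTTPS is the practical mitigation.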
Depends:
- colorize (gem install colorize)
- packetfu (gem install packetfu)
- pcaprub (gem install pcaprub) [sudo apt-get install ruby-dev libpcap-dev]
Download BetterCap at Github Repo: EvilSocket