{"id":2505,"date":"2015-07-22T11:02:35","date_gmt":"2015-07-22T11:02:35","guid":{"rendered":"http:\/\/www.pir8geek.com\/?p=2505"},"modified":"2015-07-22T11:02:35","modified_gmt":"2015-07-22T11:02:35","slug":"bettercap-a-complete-modular-portable-and-easily-extensible-mitm-framework","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=2505","title":{"rendered":"BetterCap &#8211; A complete, modular, portable and easily extensible MITM framework"},"content":{"rendered":"<p><strong>BetterCap<\/strong> is an attempt to create a complete, modular, portable and easily extensible MITM framework with every kind of features could be needed while performing a man in the middle attack.<br \/>\nIt&#8217;s currently able to sniff and print from the network the following informations:<\/p>\n<ul>\n<li>URLs being visited.<\/li>\n<li>HTTPS host being visited.<\/li>\n<li>HTTP POSTed data.<\/li>\n<li>FTP credentials.<\/li>\n<li>IRC credentials.<\/li>\n<li>POP, IMAP and SMTP credentials.<\/li>\n<li>NTLMv1\/v2 ( HTTP, SMB, LDAP, etc ) credentials.<\/li>\n<\/ul>\n<p>Examples:<br \/>\nDefault sniffer mode, all parsers enabled:<\/p>\n<pre>\nsudo ruby bettercap.rb --proxy\n<\/pre>\n<p>Enable proxy and use a custom port:<\/p>\n<pre>\nsudo ruby bettercap.rb --proxy --proxy-port=8081\n<\/pre>\n<p>Enable proxy and load the module example_proxy_module.rb:<\/p>\n<pre>\nsudo ruby bettercap.rb --proxy --proxy-module=example_proxy_module.rb\n<\/pre>\n<p>Disable spoofer and enable proxy ( stand alone proxy mode ):<\/p>\n<pre>\nsudo ruby bettercap.rb -S NONE --proxy\n<\/pre>\n<p>Modules &#8211; You can easily implement a module to inject data into pages or just inspect the requests\/responses creating a ruby file and passing it to bettercap with the &#8211;proxy-module argument, the following is a sample module that injects some contents into the title tag of each html page.<\/p>\n<pre>\nclass HackTitle < Proxy::Module\n    def initialize\n        # do your initialization stuff here\n    end\n    # self explainatory\n    def is_enabled?\n        return true\n    end\n    def on_request request, response\n        # is an html page?\n        if response.content_type == \"text\/html\"\n            Logger.info \"Hacking #{http:\/\/#{request.host}#{request.url}} title tag\"\n            # make sure to use sub! or gsub! to update the instance\n            response.body.sub!( \"<title>\", \"<title> !!! HACKED !!! \" )\n        end\n    end\nend\n<\/pre>\n<p>Depends:<\/p>\n<ul>\n<li>colorize (gem install colorize)<\/li>\n<li>packetfu (gem install packetfu)<\/li>\n<li>pcaprub (gem install pcaprub) [sudo apt-get install ruby-dev libpcap-dev]<\/li>\n<\/ul>\n<p>Download BetterCap at Github Repo: <a href=\"https:\/\/github.com\/evilsocket\/bettercap\" target=\"_blank\" rel=\"noopener noreferrer\">EvilSocket<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>BetterCap is an attempt to create a complete, modular, portable and easily extensible MITM framework with every kind of features could be needed while performing a man in the middle attack. It&#8217;s currently able to sniff and print from the network the following informations: URLs being visited. HTTPS host being visited. HTTP POSTed data. FTP<\/p>\n","protected":false},"author":1,"featured_media":2506,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[470],"tags":[459,461,532,533,534,535],"class_list":["post-2505","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sniffing-spoofing","tag-irc","tag-mitm","tag-mitm-framework","tag-ntlmv1","tag-sniffer","tag-sniffing"],"_links":{"self":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2505"}],"version-history":[{"count":0,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2505\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}