Introduction
Overview
bettercap is a powerful, extensible framework written in Go. It offers security researchers, red teamers, and reverse engineers an all-in-one solution.
Perform reconnaissance and attacks on:
- WiFi networks
- Bluetooth Low Energy devices
- Wireless HID devices
- CAN-bus
- IPv4/IPv6 networks
Main Features
- WiFi networks scanning, deauthentication attack, clientless PMKID association attack and automatic WPA/WPA2 client handshakes capture.
- Bluetooth Low Energy devices scanning, characteristics enumeration, reading and writing.
- 2.4GHz wireless devices scanning and MouseJacking attacks with over-the-air HID frames injection (with DuckyScript support).
- Passive and active IP network hosts probing and recon.
- ARP, DNS, DHCPv6 and NDP spoofers for MITM attacks on IPv4 and IPv6 based networks.
- Proxies at packet level, TCP level and HTTP/HTTPS application level, fully scriptable with easy-to-implement JavaScript plugins.
- A powerful network sniffer for credentials harvesting which can also be used as a network protocol fuzzer.
- A very fast port scanner.
- CAN-bus support for reading, injecting, fuzzing, loading custom DBC and builtin OBD2 PIDs parser.
- A powerful REST API with support for asynchronous events notification on websocket to orchestrate your attacks easily.
- An easy to use web user interface.
- More!
@evilsocket bettercap has done to the networking and wireless world what @metasploit did for the exploitation world. I can't recommend a better tool. Long live bettercap and long live go.
— Jack Zimmer (ZJam) (@Zimmer_Security) February 13, 2019
Supported Platforms
About the 1.x Legacy Version
The first version (up to 1.6.2) was implemented in Ruby. It only offered basic MITM, sniffing, and proxying capabilities. Version 2.x is a complete reimplementation using Go.
This ground-up rewrite offered several advantages:
- Single binary distribution with minimal dependencies for any OS and architecture
- 1.x proxies bottlenecked the network during MITM attacks. The new version adds almost no overhead.
- Previous performance limitations made many 2.x features impossible to implement properly.
Versions prior to 2.x are deprecated. Support has been dropped in favor of the new implementation.
An archived copy of the legacy documentation is available here. Upgrading is strongly recommended.