What is Bettercap?









How It is better than Ettercap.





Ettercap was a great tool, but it made its time.

a great tool, but it made its time. We've found ettercap filters to simple not work in many cases as they are outdated and also haven't been maintained as there aren't as many low-level C programmers interested in maintaining it.

ettercap is freaking unstable on big networks ... If you've tried to use ettercap's host discovery feature on any large network you'll see it simply can't scale well.

on big networks ... If you've tried to use ettercap's host discovery feature on any large network you'll see it simply can't scale well. yeah you can see connections and raw pcap stuff, nice toy , but as a professional researcher, I want to see only relevant stuff .

, but . unless you're a C/C++ developer, you can't easily extend ettercap or make your own module.





Installation





Stable Release ( GEM )





gem install bettercap

Development Release





git clone https://github.com/evilsocket/bettercap cd bettercap gem build bettercap.gemspec sudo gem install bettercap*.gem

Dependencies





sudo apt-get install ruby-dev libpcap-devHow is it possible?

Features of Bettercap.





Dynamic Host Discovery + ARP Spoofing





Credentials Sniffer.





URLs being visited.

HTTPS host being visited.

HTTP POSTed data.

HTTP Basic and Digest authentication.

FTP credentials.

IRC credentials.

POP, IMAP and SMTP credentials.

NTLMv1/v2 ( HTTP, SMB, LDAP, etc ) credentials.

Modular Transparent Proxy













Built in HTTP Server





Installation guide => http://www.bettercap.org/install/

Features and How to use => http://www.bettercap.org/features/

is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack. It is created byThe author of Bettercap claims it's better than Ettercap,a popular MITM tool, for the following reasons.All dependencies will be automatically installed through the GEM system, in some case you might need to install some system dependency in order to make everything work:You can target the whole network or a single known address. The ARP spoofing capabilities and multiple hosts discovery agents will make rest of the work easier.It has got a built-in credentials sniffer which can gather from the network the following information:You can start awith the --proxy argument, by default it will be logging HTTP requests. By specifying aargument custom modules can be loaded to manipulate HTTP traffic. Example modules can be found in theA built-in HTTP server comes with bettercap, allowing you to serve custom contents from your own machine without installing and configuring other softwares such as Apache, nginx or lighttpd. Bettercap allows custom JavaScript files to be used on the network. Thus custom script or image can be injected into HTTP responses using a transparent proxy module. Sounds Great? Go ahead and try this tool.