fraggle/WebsiteTemplate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6f42a58ee5
WebsiteTemplate/cheatsheets/bettercap.html
Fraggle 6f42a58ee5
first commit
2026-01-25 11:33:37 -04:00

316 lines
9.2 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data:; connect-src 'self'; base-uri 'self'; form-action 'self' https://defcon.social https://bsky.app;">
<meta http-equiv="X-Content-Type-Options" content="nosniff">
<link rel="stylesheet" href="../assets/css/style.css">
<link rel="icon" type="image/x-icon" href="../favicon.ico">
<script>
(function() {
const theme = localStorage.getItem('theme') ||
(window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light');
document.documentElement.setAttribute('data-theme', theme);
})();
</script>
<title>bettercap Cheatsheet - Cheatsheets - Launch Pad</title>
</head>
<body>
<button class="theme-toggle" id="themeToggle" aria-label="Toggle dark mode">
<svg class="theme-icon theme-icon-moon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path></svg>
<svg class="theme-icon theme-icon-sun" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" style="display: none;"><circle cx="12" cy="12" r="5"></circle><line x1="12" y1="1" x2="12" y2="3"></line><line x1="12" y1="21" x2="12" y2="23"></line><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line><line x1="1" y1="12" x2="3" y2="12"></line><line x1="21" y1="12" x2="23" y2="12"></line><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line></svg>
</button>
<br/><br/>
<div class="name">
__ _______________________ _________._________________________
\_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/
| __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_
| \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \
\___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ /
\/ \/ \/ \/ \/ \/ \/
</div>
<div class="blog-page-header">
<div class="blog-header-content">
<a href="/cheatsheets" class="back-link" title="Back to Cheatsheets">
<svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 24 24" class="home-icon"><path fill="currentColor" d="M10 20v-6h4v6h5v-8h3L12 3 2 12h3v8z"/></svg>
</a>
<h1 class="blog-page-title">bettercap Cheatsheet</h1>
</div>
</div>
<div class="blog-post-container">
<div class="blog-posts-container" style="max-width: 900px; margin: 0 auto;">
<div class="blog-post">
<div class="blog-post-content">
<p><a href="index.html">← Back to cheatsheets</a></p>
<p><a href="../index.html">← Home</a></p>
<hr>
<p>bettercap is a powerful network attack and monitoring framework. It can perform ARP spoofing, DNS spoofing, credential harvesting, and various network attacks.</p>
<hr>
<h2>Starting bettercap</h2>
<ul>
<li>bettercap - Start interactive session</li>
</ul>
<ul>
<li>bettercap -iface &lt;interface&gt; - Specify network interface</li>
</ul>
<ul>
<li>bettercap -eval "cmd1; cmd2" - Execute commands</li>
</ul>
<ul>
<li>bettercap -caplet &lt;file&gt; - Load caplet file</li>
</ul>
<ul>
<li>sudo bettercap - Start with root (required for most features)</li>
</ul>
<hr>
<h2>Core Commands</h2>
<ul>
<li>help - Show help</li>
</ul>
<ul>
<li>help &lt;module&gt; - Help for specific module</li>
</ul>
<ul>
<li>active - Show active modules</li>
</ul>
<ul>
<li>info - Show session info</li>
</ul>
<ul>
<li>version - Show version</li>
</ul>
<ul>
<li>exit / quit - Exit bettercap</li>
</ul>
<hr>
<h2>Network Discovery</h2>
<ul>
<li>net.probe on - Start network discovery</li>
</ul>
<ul>
<li>net.probe off - Stop network discovery</li>
</ul>
<ul>
<li>net.show - Show discovered hosts</li>
</ul>
<ul>
<li>net.recon on - Enable network recon</li>
</ul>
<ul>
<li>net.recon off - Disable network recon</li>
</ul>
<ul>
<li>set net.recon.sort true - Sort hosts by response time</li>
</ul>
<hr>
<h2>ARP Spoofing</h2>
<ul>
<li>arp.spoof on - Start ARP spoofing</li>
</ul>
<ul>
<li>arp.spoof off - Stop ARP spoofing</li>
</ul>
<ul>
<li>arp.spoof.internal true - Spoof internal traffic</li>
</ul>
<ul>
<li>arp.spoof.targets &lt;ip&gt; - Set target IP</li>
</ul>
<ul>
<li>arp.spoof.targets &lt;ip1,ip2&gt; - Set multiple targets</li>
</ul>
<ul>
<li>arp.spoof.fullduplex true - Full duplex mode</li>
</ul>
<ul>
<li>arp.ban on - Ban targets from network</li>
</ul>
<ul>
<li>arp.ban off - Stop banning targets</li>
</ul>
<hr>
<h2>DNS Spoofing</h2>
<ul>
<li>dns.spoof on - Start DNS spoofing</li>
</ul>
<ul>
<li>dns.spoof off - Stop DNS spoofing</li>
</ul>
<ul>
<li>dns.spoof.hosts &lt;domain&gt; - Spoof specific domain</li>
</ul>
<ul>
<li>dns.spoof.hosts "example.com-&gt;192.168.1.100" - Redirect domain to IP</li>
</ul>
<ul>
<li>set dns.spoof.all true - Spoof all DNS queries</li>
</ul>
<ul>
<li>set dns.spoof.domains "example.com,test.com" - Spoof multiple domains</li>
</ul>
<hr>
<h2>HTTP/HTTPS Proxy</h2>
<ul>
<li>http.proxy on - Start HTTP proxy</li>
</ul>
<ul>
<li>http.proxy off - Stop HTTP proxy</li>
</ul>
<ul>
<li>set http.proxy.port 8080 - Set proxy port (default 8080)</li>
</ul>
<ul>
<li>set http.proxy.sslstrip true - Enable SSL strip</li>
</ul>
<ul>
<li>https.proxy on - Start HTTPS proxy</li>
</ul>
<ul>
<li>https.proxy off - Stop HTTPS proxy</li>
</ul>
<ul>
<li>set https.proxy.port 8083 - Set HTTPS proxy port</li>
</ul>
<ul>
<li>set https.proxy.sslpem /path/to/cert.pem - Set SSL certificate</li>
</ul>
<hr>
<h2>Credential Harvesting</h2>
<ul>
<li>http.server on - Start HTTP server</li>
</ul>
<ul>
<li>set http.server.path /path/to/files - Set server path</li>
</ul>
<ul>
<li>set http.server.port 80 - Set server port</li>
</ul>
<ul>
<li>hstshijack/hstshijack - HTTPS downgrade attack</li>
</ul>
<hr>
<h2>WiFi Operations</h2>
<ul>
<li>wifi.recon on - Start WiFi reconnaissance</li>
</ul>
<ul>
<li>wifi.recon off - Stop WiFi reconnaissance</li>
</ul>
<ul>
<li>wifi.show - Show discovered access points</li>
</ul>
<ul>
<li>wifi.deauth &lt;ap&gt; - Deauthenticate clients</li>
</ul>
<ul>
<li>wifi.assoc &lt;ap&gt; - Associate with access point</li>
</ul>
<hr>
<h2>Event Logging</h2>
<ul>
<li>events.stream on - Start event stream</li>
</ul>
<ul>
<li>events.stream off - Stop event stream</li>
</ul>
<ul>
<li>events.show - Show captured events</li>
</ul>
<ul>
<li>events.clear - Clear events</li>
</ul>
<ul>
<li>events.ignore &lt;filter&gt; - Ignore events matching filter</li>
</ul>
<ul>
<li>events.feed &lt;file&gt; - Feed events to file</li>
</ul>
<hr>
<h2>Caplets</h2>
<ul>
<li>caplets.update - Update caplets</li>
</ul>
<ul>
<li>caplets.show - List available caplets</li>
</ul>
<ul>
<li>caplet &lt;name&gt; - Load caplet</li>
</ul>
<hr>
<h2>Common Examples</h2>
<h3>Basic ARP Spoofing</h3>
<pre><code>bettercap -iface eth0
# In bettercap prompt:
net.probe on
arp.spoof on
set arp.spoof.targets 192.168.1.100</code></pre>
<h3>DNS Spoofing</h3>
<pre><code>bettercap -iface eth0
# In bettercap prompt:
dns.spoof on
set dns.spoof.hosts "example.com-&gt;192.168.1.100"</code></pre>
<h3>HTTP Proxy</h3>
<pre><code>bettercap -iface eth0
# In bettercap prompt:
http.proxy on
set http.proxy.sslstrip true</code></pre>
<h3>WiFi Recon</h3>
<pre><code>bettercap -iface wlan0
# In bettercap prompt:
wifi.recon on
wifi.show</code></pre>
<h3>Complete Attack Chain</h3>
<pre><code>bettercap -iface eth0 -eval "net.probe on; arp.spoof on; dns.spoof on; http.proxy on; https.proxy on"</code></pre>
<h3>Ban Target from Network</h3>
<pre><code>bettercap -iface eth0
# In bettercap prompt:
arp.ban on
set arp.ban.targets 192.168.1.100</code></pre>
<h3>Load Caplet</h3>
<pre><code>bettercap -caplet caplets/http-ui.cap</code></pre>
<hr>
<h2>Tips</h2>
<ul>
<li>Always run bettercap with sudo for full functionality</li>
</ul>
<ul>
<li>Use net.probe to discover hosts before attacks</li>
</ul>
<ul>
<li>Combine ARP spoofing with HTTP proxy for traffic interception</li>
</ul>
<ul>
<li>Use DNS spoofing to redirect domains to attacker-controlled servers</li>
</ul>
<ul>
<li>Enable SSL strip to intercept HTTPS traffic (HTTP downgrade)</li>
</ul>
<ul>
<li>Use caplets for common attack scenarios</li>
</ul>
<ul>
<li>Check events stream for captured credentials and data</li>
</ul>
<ul>
<li>Use arp.ban to effectively disconnect targets from network</li>
</ul>
<ul>
<li>Always test on authorized networks only</li>
</ul>
<ul>
<li>WiFi operations require monitor mode interface</li>
</ul>
<hr>
<p><a href="index.html">← Back to cheatsheets</a></p>
<p><a href="../index.html">← Home</a></p>
</div>
</div>
</div>
</div>
<script async type="text/javascript" src="../blog/analytics.js"></script>
<script src="../theme.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink