sudo apt update
sudo apt install golang git build-essential libpcap-dev libusb-1.0-0-dev libnetfilter-queue-dev
go get github.com/bettercap/bettercap
cd $GOPATH/src/github.com/bettercap/bettercap
make build
sudo make install
Usage of /home/justin-p/go/bin/bettercap:
-autostart string
Comma separated list of modules to auto start. (default "events.stream")
-caplet string
Read commands from this file and execute them in the interactive session.
-cpu-profile file
Write cpu profile file.
-debug
Print debug messages.
-env-file string
Load environment variables from this file if found, set to empty to disable environment persistence.
-eval string
Run one or more commands separated by ; in the interactive session, used to set variables via command line.
-gateway-override string
Use the provided IP address instead of the default gateway. If not specified or invalid, the default gateway will be used.
-iface string
Network interface to bind to, if empty the default interface will be auto selected.
-mem-profile file
Write memory profile to file.
-no-colors
Disable output color effects.
-no-history
Disable interactive session history file.
-silent
Suppress all logs which are not errors.
-version
Print the version and exit.
# Before starting
sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode monitor
sudo systemctl stop wpa_supplicant
sudo systemctl stop NetworkManager.service
# Start
sudo ~/go/bin/bettercap -iface eth0 -eval "set wifi.interface wlan0; wifi.recon on"
# After bettercap
sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode managed
sudo systemctl restart wpa_supplicant
sudo systemctl restart NetworkManager.service
wifi.recon onStart 802.11 wireless base stations discovery and handshakes/PMKID capture.
wifi.recon offStop 802.11 wireless base stations discovery.
wifi.clearClear all access points collected by the WiFi discovery module.
wifi.recon BSSIDSet 802.11 base station address to filter for.
wifi.recon clearRemove the 802.11 base station filter.
wifi.assoc BSSIDSend an association request to the selected BSSID in order to receive a RSN PMKID key (use all, * or ff:ff:ff:ff:ff:ff to iterate for every access point).
wifi.deauth BSSIDStart a 802.11 deauth attack, if an access point BSSID is provided, every client will be deauthenticated, otherwise only the selected client (use all, * or ff:ff:ff:ff:ff:ff to deauth everything).
wifi.showShow current wireless stations list (default sorting by RSSI).
wifi.show.wps BSSIDShow WPS information about a given station (use all, * or ff:ff:ff:ff:ff:ff to select all).
wifi.recon.channel CHANNELComma separated list of channels to hop on.
wifi.recon.channel clearEnable channel hopping on all supported channels.
wifi.apInject fake management beacons in order to create a rogue access point ( requires wifi.recon to run ).
| parameter | default | description |
|---|---|---|
wifi.interface |
If filled, the module will use this interface instead of the one provided by the -iface argument or detected automatically. |
|
wifi.region |
BO |
Set the WiFi region to this value before activating the interface. |
wifi.txpower |
30 |
Set WiFi transmission power to this value before activating the interface. |
wifi.rssi.min |
-200 |
Minimum WiFi signal strength in dBm. |
wifi.show.manufacturer |
false |
If true, wifi.show will also show the devices manufacturers. |
wifi.show.filter |
Defines a regular expression filter for wifi.show. |
|
wifi.show.sort |
rssi asc |
Defines sorting field (rssi, bssid, essid, channel, encryption, clients, seen, sent, rcvd) and direction (asc or desc) for wifi.show. |
wifi.show.sort |
asc |
Defines sorting direction for wifi.show. |
wifi.show.limit |
0 |
If greater than zero, defines limit for wifi.show. |
wifi.hop.period |
250 |
If channel hopping is enabled (empty wifi.recon.channel), this is the time in millseconds the algorithm will hop on every channel (it’ll be doubled if both 2.4 and 5.0 bands are available). |
wifi.handshakes.file |
~/bettercap-wifi-handshakes.pcap |
File path of the pcap file to save handshakes to. |
wifi.source.file |
If set, the wifi module will read from this pcap file instead of the hardware interface. | |
wifi.skip-broken |
true |
If true, dot11 packets with an invalid checksum will be skipped. |
wifi.assoc.skip |
Comma separated list of BSSID to skip while sending association requests. | |
wifi.assoc.silent |
false |
If true, messages from wifi.assoc will be suppressed. |
wifi.assoc.open |
false |
Send association requests to open networks. |
wifi.deauth.skip |
Comma separated list of BSSID to skip while sending deauth packets. | |
wifi.deauth.silent |
false |
If true, messages from wifi.deauth will be suppressed. |
wifi.deauth.open |
true |
Send wifi deauth packets to open networks. |
wifi.ap.ssid |
FreeWifi |
SSID of the fake access point. |
wifi.ap.bssid |
<random mac> |
BSSID of the fake access point. |
wifi.ap.channel |
1 |
Channel of the fake access point. |
wifi.ap.encryption |
true |
If true, the fake access point will use WPA2, otherwise it’ll result as an open AP. |
Run bettercap using eth0 as the main interface but start the wifi module on wlan0 instead:
sudo bettercap -iface eth0 -eval "set wifi.interface wlan0; wifi.recon on"
Keep deauthing clients from the access point with BSSID DE:AD:BE:EF:DE:AD every five seconds:
> set ticker.period 5; set ticker.commands "wifi.deauth DE:AD:BE:EF:DE:AD"; ticker on
Use the ticker and wifi.recon modules to create a WiFi scanner (performing channel hopping on every supported frequency):
> set ticker.commands "clear; wifi.show"; wifi.recon on; ticker on
Sort by BSSID and filter for BSSIDs starting with F4:
> set wifi.show.sort bssid asc
> set wifi.show.filter ^F4
> wifi.show
Only recon on channels 1, 2 and 3:
> wifi.recon.channel 1,2,3; wifi.recon on
Will send management beacons as the fake access point “Banana” with BSSID DE:AD:BE:EF:DE:AD on channel 5 without encryption:
> set wifi.ap.ssid Banana
> set wifi.ap.bssid DE:AD:BE:EF:DE:AD
> set wifi.ap.channel 5
> set wifi.ap.encryption false
> wifi.recon on; wifi.ap