Bettercap – The Swiss Army knife for 802.11, BLE and MITM Attacks and Ethernet Networks Reconnaissance

Bettercap - The Swiss Army knife for 802.11, BLE and Ethernet Networks Reconnaissance and MITM Attacks

Man in the middle attack is very popular method to intercept communications between victim and another device, with “Bettercap” you can easily perform man in the middle attack and perform BLE and ethernet networks reconnaissance. You can learn how hacker can intercept your communications with practice how Bettercap is work.


Bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to useall-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices and Ethernet networks.

Bettercap - intercept communications with man in the middle attack

Main Features

  • WiFi networks scanning, deauthentication attackclientless PMKID association attack and automatic WPA/WPA2 client handshakes capture.
  • Bluetooth Low Energy devices scanning, characteristics enumeration, reading and writing.
  • 2.4Ghz wireless devices scanning and MouseJacking attacks with over-the-air HID frames injection (with DuckyScript support).
  • Passive and active IP network hosts probing and recon.
  • ARP, DNS and DHCPv6 spoofers for MITM attacks on IP based networks.
  • Proxies at packet level, TCP level and HTTP/HTTPS application level fully scriptable with easy to implement javascript plugins.
  • A powerful network sniffer for credentials harvesting which can also be used as a network protocol fuzzer.
  • A very fast port scanner.
  • A powerful REST API with support for asynchronous events notification on websocket to orchestrate your attacks easily.
  • A very convenient web UI.
  • More!

About the 1.x Legacy Version

While the first version (up to 1.6.2) of bettercap was implemented in Ruby and only offered basic MITM, sniffing and proxying capabilities, the 2.x is a complete reimplementation using the Go programming language.

This ground-up rewrite offered several advantages:

  • bettercap can now be distributed as a single binary with very few dependencies, for basically any OS and any architecture.
  • 1.x proxies, although highly optimized and event based, used to bottleneck the entire network when performing a MITM attack, while the new version adds almost no overhead.
  • Due to such performance and functional limitations, most of the features that the 2.x version is offering were simply impossible to implement properly (read as: without killing the entire network … or your computer).

For this reason, any version prior to 2.x is considered deprecated and any type of support has been dropped in favor of the new implementation. An archived copy of the legacy documentation is available here, however it is strongly suggested to upgrade.

Documentation and Examples

The project is documented here.

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *

two × 3 =