Mitm – bettercap

Man in the Middle – bettercap Exercise

1. Introduction

In this exercise you learned how to perform an ARP spoofing attack with bettercap inside a VM lab (same broadcast domain). I had some problems setting up this exercise, because VirtualBox gave both VMs with NAT configuration the same IP address. I was able to solve that by creating a new NAT adapter inside VirtualBox.

  1. Explain why bettercap was able to capture the FTP credentials
  2. Research bettercap and find out what caplets are
  3. Read these examples: https://www.cyberpunk.rs/bettercap-usage-examples-overview-custom-setup
    caplets

2. Answers

  1. FTP credentials are easy to capture with a MitM attack, because FTP does not use encryption.
    user: dduck
    pass: ILoveBitcoins!

In the case of HTTPS connections, the sslstrip module tries to perform a downgrade attack so that the connection switches back to HTTP, which is unencrypted.

  2. I see that bettercap is very powerful, and with caplets I am eager to play with it more.

Bettercap caplets, or .cap files, are a powerful way to script bettercap's interactive sessions; think of them as the .rc files of Metasploit.

Many bettercap caplets can be found here:
https://github.com/bettercap/caplets

Some examples are:

  • airodump.cap
  • ap.cap
  • ap-config.cap
  • beef-active.cap
  • beef-passive.cap
  • crypto-miner.cap
  • download-autopwn
  • download-autopwn.cap
  • fb-phish.cap
  • gps.cap

PDF Report:
bettercap#1