Bettercap Basics: Your Ultimate Guide to Network Penetration Testing

XoX
5 min readJan 30, 2025

--

Bettercap is a powerful network security tool designed for penetration testers and ethical hackers. Whether you’re exploring Wi-Fi hacking, ARP spoofing, or DNS manipulation, Bettercap simplifies complex tasks with its modular and user-friendly interface. In this tutorial, we’ll guide you through its installation, key features, and practical use cases to help you get started. Let’s dive into mastering Bettercap!

.

Introduction:

In the world of ethical hacking and penetration testing, Bettercap stands out as a powerful and versatile tool. Whether you’re testing network vulnerabilities or conducting reconnaissance, Bettercap offers a streamlined experience for professionals and enthusiasts alike. This tutorial will guide you through Bettercap’s key functionalities, ensuring you can leverage it effectively for your ethical hacking projects.

What is Bettercap?

Bettercap is an advanced, modular, and flexible tool designed for network monitoring, traffic manipulation, and various types of network attacks. Written in Go, it offers better performance and supports various protocols, making it a go-to solution for ethical hackers.

Why Use Bettercap?

  • User-Friendly Interface: Offers CLI-based interaction with an easy-to-navigate modular architecture.
  • Multi-Platform Support: Compatible with Linux, macOS, Windows, and Raspberry Pi.
  • Extensive Functionality: Supports Wi-Fi hacking, DNS spoofing, HTTPS bypass, and more.
  • Open Source: Freely available for modification and enhancement.

Installing Bettercap:

On Linux:

1️⃣Update your package list:
sudo apt update && sudo apt upgrade

2️⃣Install the dependencies:
sudo apt install build-essential libpcap-dev libusb-1.0-0-dev libnetfilter-queue-dev

3️⃣Install Bettercap using APT:
sudo apt install bettercap

On macOS:

brew install bettercap

On Windows:

1️⃣Download the latest Windows binary from the official Bettercap GitHub repository.

2️⃣Extract the downloaded archive to a preferred location on your system.

3️⃣Open the Command Prompt and navigate to the Bettercap directory.

4️⃣Run Bettercap using the bettercap.exe executable.

Getting Started with Bettercap:

After installation, run the tool with:

sudo bettercap

Common Commands:

1️⃣Show available modules:
help

2️⃣List network interfaces:
net.show

3️⃣Set a target:
set net.recon.targets 192.168.1.0/24

4️⃣Start network reconnaissance:
net.recon on

Key Features and Use Cases:

1. ARP Spoofing

Intercept and manipulate traffic between devices on the network.

set arp.spoof.targets 192.168.1.10
arp.spoof on

2. DNS Spoofing

Redirect DNS queries to a malicious IP.

set dns.spoof.domains example.com
set dns.spoof.address 192.168.1.100
dns.spoof on

3. Wi-Fi Hacking

Bettercap supports Wi-Fi attacks like deauth and probe request monitoring.

wifi.recon on
wifi.assoc on

4. HTTPS Bypass

Perform man-in-the-middle attacks to intercept HTTPS traffic.

5. Web UI

To use the UI of the tool use the command;

To use UI:
sudo bettercap -eval "ui on"

Practical:

Start Bettercap on your interface as shown below;

To see a list of available commands and modules, you can enter help.

To see details on currently running modules at any time, use the active command.

For a detailed module explanation, including its parameters, enter
help <module_name_here>.For example, let’s look at the info for the net.probe module.

Use the arp -a cmd to get interface details.

Now, we check the ARP table on the Windows machine; we see that our attacking machine has the same MAC address as the gateway.

Set the target we want to spoof and then turn ON the module here it’s
arp.spoof on.

As the traffic starts to flow and the target is communicating, the packets can be captured.

To quit the Bettercap, simply type the ‘q’, and it’s done.

More Advance Commands:

1. -no-history

Disable the interactive session history file ~/.bettercap.history

2. -silent

Suppress all logs which are not errors.

3. -debug

Enable debug messages (must be used to report bugs

4. !COMMAND

Execute a shell command and print its output into the session.

For more commands and details visit: https://www.bettercap.org/

Practical Tips:

  • Always test in environments where you have explicit permission.
  • Use the --help flag for detailed command usage.
  • Combine Bettercap with tools like Wireshark for advanced analysis.
  • Each command can either be executed singularly, or concatenated by the ; operator, for instance, instead of typing:
    clear
    net.show
    You can simply type:
    clear; net.show

Conclusion:

Bettercap is a must-have tool in any ethical hacker’s arsenal. Its robust features and ease of use make it ideal for network penetration testing. By following this tutorial, you’ve taken the first step toward mastering Bettercap. Stay tuned for more tutorials and practical examples to enhance your skills!

.

Please read our other blogs and stay updated on technology and cyber security.

☣ ️Happy Hacking! ☣ ️
— XoX

--

--

XoX
XoX

Written by XoX

CEHv12 | TCM PEH - SOC 101 - OSINT - Linux | Red Team | Blue Team | Cyber Security Analyst | Penetration Testing | Security is a Joke | Fs.

No responses yet