Difference between revisions of "MITM: bettercap"

From OnnoWiki
Jump to navigation Jump to search
 
Line 17: Line 17:
  
 
We will be installing Bettercap, doing a quick sniffing exercise, and then a more detailed section on grabbing the password. Will demonstrate the password grabbing on outlook.com, which seems to be particularly vulnerable to this attack.
 
We will be installing Bettercap, doing a quick sniffing exercise, and then a more detailed section on grabbing the password. Will demonstrate the password grabbing on outlook.com, which seems to be particularly vulnerable to this attack.
Installing bettercap
 
  
Installation is simple-
+
==Instalasi==
  
  apt-get update
+
  apt update
 
  apt-get dist-upgrade
 
  apt-get dist-upgrade
  apt-get install bettercap
+
  apt- install bettercap
  
The above three commands will leave you with latest versions of Kali and bettercap.
+
.
 
 
PS: I am writing this tutorial from a location with slow internet connection, and hence didn't perform the dist-upgrade step. However, bettercap seems to be running mostly fine. There may be a few difference in what you observe and what I show in this demo due to this difference in versions. For those who want to know the versions of various utilities that I'm using, take a look below. If you are unfamiliar with Linux, you're best off using the latest versions of everything, which can be obtained by running the three commands I mentioned earlier.
 
 
 
new@kali:~$ uname -a
 
Linux kali 4.7.0-kali1-amd64 #1 SMP Debian 4.7.6-1kali1 (2016-10-17) x86_64 GNU/Linux
 
 
 
new@kali:~$ bettercap -v
 
bettercap 1.5.8
 
 
 
new@kali:~$ ruby -v
 
ruby 2.3.1p112 (2016-04-26) [x86_64-linux-gnu]
 
 
 
Not on Kali?
 
The readme on github repository of bettercap is quite comprehensive, and would help you install bettercap on most linux distributions. After installation the process should be same for Kali or any other Linux distribution.
 
  
  

Latest revision as of 19:56, 2 October 2018

Sumber: https://www.kalitutorials.net/2016/12/bettercap-mitm-for-sniffing-traffic-and.html



Bettercap : MITM attack for sniffing traffic and passwords By Shashwat Chaudhary December 06, 2016 bettercap, kali, mitm, outlook, password, ruby, sniffing 

   Disclaimer - TLDR; some stuff here can be used to carry out illegal activity, our intention is, however, to educate

Contents 

   Installation
   Sniffing Traffic
   Getting password

We will be installing Bettercap, doing a quick sniffing exercise, and then a more detailed section on grabbing the password. Will demonstrate the password grabbing on outlook.com, which seems to be particularly vulnerable to this attack.

Instalasi

apt update
apt-get dist-upgrade
apt- install bettercap

.


Sniffing Traffic There's nothing special about the usual sniffing traffic functionailty of bettercap. Bettercap can easily performing sniffing on your local area network. It also lets you write the output to a pcap file and later analyze it with WireShark or some other tool of your choice. I'll just give a simple demo here. The real fun is in the capturing passwords section.

Run the command- 

   bettercap --sniffer

Sniffing traffic: Screenshot shows my lenovo smartphone's requests to truecaller being sniffed 

You'll see all the websites being visited by all the devices on the network. Press ctrl+c to stop.

Take a look at the help manual for more commands, or read the wonderful documentation.


Internet stopped working There are plenty of open issues on the github page of bettercap. The one problem I faced was that after bettercap had finished running, the internet connection on the attacker machine (Kali) would be killed. I fixed it by simply turning restarting the wlan0 interface (turn it off and on from the gui or use ifconfig commands). Some people reported that Bettercap killed internet connection for all hosts. If you face a different issue, take a look here and see if you can find a solution.


Capturing passwords The fun part lies here. Bettercap uses sslstrip to change https webpages to simple http ones, which ensures that the passwords are transferred in clear text, and you can read them without any issues. I will be targeting my lenovo phone from my Kali machine. First, you must find the IP of your target. This can be done by simply running bettercap and waiting for all machines on your network to show up. Once they do, you can identify the one you're trying to attack, and note it's IP. Then use this IP as the target IP. Let's look at the steps first. PS: I'm assuming you connected to the network you are attacking using the wlan0 interface. If not, specify your interface using the -I option. 

   Run the command bettercap on the terminal
   Wait for bettercap to acquire targets.
   When bettercap discovers the target you're looking for, note down it's IP address. Let's call it TARGET_IP.
   Press ctrl+c to stop bettercap (if internet connectivity is lost, as was in my case, restart your wlan0 interface)
   Run this command - bettercap -T TARGET_IP --proxy -P POST (replace TARGET_IP with the appropriate IP)

In my case, my target was my Lenovo smartphone. It was detected by bettercap, and i noted down it's IP. 192.162.2.2 is what I'll use as my TARGET_IP Now your attacker machine is ready and listening for traffic on the network. Once your victim opens any login page, bettercap will use sslstrip to remove the https from the URL, and once the target enters his/her login credentials, you will see them in cleartext.

Let's look at a demo run of the above procedure.

Capturing passwords entered on Outlook by smartphone user on same LAN/WLAN This section is simply going to be a set of pictures with captions below them explaining stuff. It should be easy to follow I hope.


Referensi

Pranala Menarik

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=MITM:_bettercap&oldid=51919"