Bettercap - a Complete, Modular, Portable and Easily Extensible MITM Framework.

Become a Patron!

Today I want to present my last project called bettercap.

Bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack.



Yet another MITM tool? C'mon, really?!!?

This is exactly what you are thinking right now, isn’t it? :D
But allow yourself to think about it for 5 more minutes … what you should be really asking is:

Does a complete, modular, portable and easy to extend MITM tool actually exist?

If your answer is “ettercap”, let me tell you something:

  • ettercap was a great tool, but it made its time.
  • ettercap filters do not work most of the times, are outdated and hard to implement due to the specific language they’re implemented in.
  • ettercap is freaking unstable on big networks … try to launch the host discovery on a bigger network rather than the usual /24 ;)
  • yeah you can see connections and raw pcap stuff, nice toy, but as a professional researcher I want to see only relevant stuff.
  • unless you’re a C/C++ developer, you can’t easily extend ettercap or make your own module.

Indeed you could use more than just one tool … maybe arpspoof to perform the actual poisoning, mitmproxy to intercept HTTP stuff and inject your payloads and so forth … I don’t know about you, but I hate when I need to use a dozen of tools just to perform one single attack, especially when I need to do some black magic in order to make all of them work on my distro or on OSX … what about the KISS principle?

So bettercap was born ( isn’t the name pure genius? XD ).

You can find infos on the project on the official website or on its github repository.