1. OSX Mass Pwning using BetterCap and the Sparkle Updater Vulnerability.

    Yesterday Radek from VulnSec posted an interesting article named "There's a lot of vulnerable OS X applications out there." He discovered that the Sparkle update system (used by some very popular OSX apps such as VLC, Adium, iTerm and so forth) uses HTTP instead of HTTPS to fetch update information…

    on bettercap mitm man in the middle rce sparkle proxy module update

  2. Why you shouldn't trust CloudFlare's "Flexible SSL" and how to bypass it with BetterCap

    Let me make one thing clear about this post: this is not a CloudFlare vulnerability report and, even in that case, there's really nothing they could do in order to fix it unless they blocked direct traffic to HTTP websites. This is only a blog post about why you shouldn't blindly…

    on security bettercap mitm ssl https http ssl stripping sslstrip sslstripping cloudflare flexible ssl hsts

  3. Autopwn every Android < 4.2 device on your network using BetterCap and the "addJavascriptInterface" vulnerability.

    Recently I've been playing with Android's WebView based vulnerabilities, focusing on how to exploit them using a MITM attack. One of the most interesting ones is the addJavascriptInterface vulnerability (CVE-2012-6636), which affects every device running a version older than Android 4.2. NOTE: The original title of this post was…

    on hack android hacking bettercap transparent proxy addJavascriptInterface proxy vulnerability

  4. BetterCap and the first REAL DoubleDirect ICMP Redirect Attack

    The next release of bettercap will include a new spoofer module as an alternative to the default ARP spoofer. The new module performs a fully automated and full duplex ICMP Redirect MITM attack, which my colleagues at Zimperium discovered and called a DoubleDirect attack. BetterCap will be the very first…

    on bettercap icmp icmp redirect double direct doubledirect zimperium spoofing spoofer icmp spoofing routing routing table

  5. Past, present and future of Bettercap

    Four months have passed since my first blog post about bettercap; a lot of fixes have been released and a lot of new features have been implemented. In this post I'd like to talk about some of these new features and describe them a little bit. This is basically a big…

    on open source hacking project bettercap mitm oss changelog progress

  6. Karma: How Open Source changed my life.

    ( or “How the anarchy of ideas can change things” ) This time I've decided to write a purely personal post, mainly because I've reached a stage in my life in which I believe I've understood a number of things that I'd like to share, in the hopes of helping someone facing…

    on open source dsploit life job