MITM Attacks

Bettercap

Overview

Bettercap is a network sniffing, MITM (man-in-the-middle), and ARP poisoning tool that can be used to perform a variety of attacks on wireless and Ethernet networks. It is a popular tool among security researchers and penetration testers, as it can be used to steal sensitive data, inject malicious traffic, and redirect users to fake websites.

Bettercap is a powerful tool, but it can also be dangerous if used in the wrong hands. It is important to note that Bettercap is illegal to use without the permission of the network owner.

Imagine you are a waiter at a restaurant. Every customer who comes in has to walk through your station to get to their table. As they walk by, you can see what they are ordering, where they are sitting, and even what they are talking about.

Bettercap is like a waiter for network traffic. It sits on your computer and sees all of the traffic that is flowing through your network. This includes traffic from all of the devices on your network, as well as traffic from devices outside of your network that are trying to connect to your devices.

Once Bettercap has seen a piece of traffic, it can do a variety of things with it. It can log the traffic, modify it, or even drop it altogether. Bettercap can also be used to perform more sophisticated attacks, such as man-in-the-middle attacks and ARP poisoning attacks.

Man-in-the-middle attacks are a type of attack where Bettercap intercepts traffic between two devices and pretends to be one of the devices. This allows Bettercap to steal sensitive data, such as passwords and credit card numbers.

ARP poisoning attacks are a type of attack where Bettercap tricks devices on your network into thinking that it is the router. This allows Bettercap to redirect traffic to fake websites or to perform other malicious activities.

:: bettercap

GitHub - bettercap/bettercap: The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.GitHub

MITM Using Bettercap

1. Lunch bettercap

sudo bettercap

1. Show all models running in bettercap

help

1. Show all connected devices

net.probe on

1. Show all connected divices on a table

net.show

1. Scan WIFIs

wifi.show

1. Setting up an arp spoofing attack to a target

set arp.spoof.targets [target ip]

you can arp spoof the whole network by typing:

set arp.spoof.internal true 

1. Start an arp spoofing attack

arp.spoof on

1. save the attack output as an pcap file (to analyze it on Wireshark)

set net.sniff.output pentest.pcap

to save all the information in the pcap file type this command:

set net.sniff.verbose true

1. let's Start sniffing

net.sniff on

to stop sniffing type:

net.sniff off

DNS Spoofing Using Bettercap

1. Selecting the IP Address to map the domaine to

set dns.spoof.address [the attacker IP]

1. Selecting the Domains to spoof

set dns.spoof.domains [the attacked Domaine]

1. Start DNS Spoofing

dns.spoof on

to stop dns spoofing type

dns.spoof off

YouTube Tutorials

You can check those YouTube Videos/Tutorials about Bettercap (MITM)

• This YouTube Video created by Motasem Hamdan

• This YouTube Video created by Nour's tech talk

• This YouTube Video created by Maythom

• This YouTube Video created by FreeEduHub

• This YouTube Video created by Loi Liang Yang

• This YouTube Video created by Nour's tech talk

Evil Twin

Overview

Evil twin attacks are a type of man-in-the-middle attack where the attacker creates a fake Wi-Fi network that looks identical to a legitimate one. When a victim connects to the fake network, the attacker can intercept their traffic and steal their data.

To carry out an evil twin attack, the attacker needs to set up a rogue access point (AP) that is broadcasting the same SSID (network name) and BSSID (MAC address) as a legitimate AP. This can be done using a variety of tools and techniques, such as software-defined radios (SDRs) or Wi-Fi adapters that support packet injection.

Once the rogue AP is set up, the attacker will need to deauthenticate victims from the legitimate AP so that they will connect to the rogue AP instead. This can be done by sending deauthentication packets to the victims.

Once the victims are connected to the rogue AP, the attacker can intercept their traffic and steal their data. This can include things like login credentials, credit card numbers, and other sensitive information.

GitHubGitHub

YouTube Tutorials

You can check those YouTube Videos/Tutorials about Evil Twin Cracking

• This YouTube Video created by zSecurity

• This YouTube Video created by Null Byte

• This YouTube Video created by Maythom

Steal Wi-Fi Passwords with an Evil Twin AttackWonderHowTo

Protect yourself from an Evil Twin Attack

To protect yourself from evil twin attacks, you should:

• Only connect to Wi-Fi networks that you trust.

• If you are unsure whether a network is legitimate, ask the network owner for the password.

• Use a VPN when connecting to public Wi-Fi networks.

• Keep your antivirus software up to date.

• Be careful about what information you share online.

• Be aware of your surroundings. If you are in a public place and you see a Wi-Fi network that you don't recognize, be suspicious.

• Use a strong password for your Wi-Fi network.

• Change your Wi-Fi password regularly.

• Enable encryption on your Wi-Fi network.

• Keep your firmware up to date.

If you think you have been the victim of an evil twin attack, you should change your passwords immediately and contact your bank or credit card company to report any fraudulent charges. You should also contact the network owner of the legitimate network to let them know about the fake network.