Caplets - rhaidiz/bettercap GitHub Wiki

Caplets, or .cap files are a powerful way to script bettercap's interactive sessions, think about them as the .rc files of Metasploit. You will find updated caplets and modules in this repository, you're strongly invited to check it out in order to fully understand the features of this tool.

How to Install / Update

Caplets can be installed and updated using the caplets module.

From the command line

sudo bettercap -eval "caplets.update; q"

From bettercap itself

> caplets.update

How to Use

Caplets can be used in two ways.

From the interactive session

Whenever you type a command which is not recognized by the interactive session, bettercap will try to load the relative caplet file, let's see an example.

> reload arp.spoof

Normally, this would print the following error due to reload not being a recognized command:

Unknown or invalid syntax "reload arp.spoof", type help for the help menu.

Let's try to create the file reload.cap in our current folder, with the following lines:

$0 off
$0 on

If we try to execute reload arp.spoof again, we will see how the session won't print the same error message again, but instead it's executing the lines:

arp.spoof off
arp.spoof on

As you can imagine, you can define custom commands this way, $0 will be replaced with the first argument, $1 with the second and so on.

The loading order is:

  1. ./reload.cap
  2. ./caplets/reload.cap
  3. Any folder in the environment variable $CAPSPATH if defined (values are separated by : like in $PATH).

From the command line

Using the -caplet command line argument, for example:

$ sudo bettercap -caplet ./example.cap

Will load the example.cap file for the current folder. Additional parameters can be used to configure caplets, for instance, while the following command line with spoof and print HTTP request for the whole network:

$ sudo bettercap -caplet path/to/caplets/http-req-dump.cap

This will only target a specific ip by overriding the arp.spoof.targets variable:

$ sudo bettercap -caplet path/to/caplets/http-req-dump.cap -eval "set arp.spoof.targets 192.168.1.5"