How to get user credentials using Bettercap

March 4, 2021
Browse All Blogs
In this post, learn how to use different modules available in the Bettercap for obtaining the user credentials and how you can spoof dns for redirecting the victim to the desired target. Let’s start without further ado
Attacker Machine: Kali Linux
Victim Machine: Windows 8.1

What is Bettercap

Bettercap is an efficient, easily extensible and portable platform written in Go that aims to provide an easy-to-use, all-in-one solution for security researchers, red teams and reverse engineers with all the features they can need to conduct reconnaissance and attack WiFi networks, Bluetooth Low Energy devices, wireless HID devices and Ethernet networks.
It can be said as Swiss Army knife for 802.11, recognition and MITM attacks on BLE and Ethernet networks.

Net Probe

First, start the net.probe module with command net.probe on. You can see the list of network available and can get the IP Address for the victim machine
After you get the IP address let’s start arp spoofing to get the packets.

ARP Spoofing

There are various parameters available for arp spoofing modules. You can use the parameters as per your requirements. Use command help <module name>   for getting help on the parameters
Here I am targeting a single machine therefore using option. Now if you want to scan for the entire networks. You can use the arp.spoof.internal option. Use command set arp.spoof.targets . And you are now ready to start your arp spoofing

Net Sniffing

Now let’s check what net.sniff parameters are using help command you can take a look at the parameters available. There are various parameters available in this module. Use them as per requirements
Here I am using net.sniff.output for creating an output file named pentest.pcap and net.sniff.verbose parameters. But if you want to search for the particular term in the packets you can use regexp option.
After starting net.sniff go to the victim machine and search anything you want in browser. Here I am searching, you can see that traffic is generating.
But as you can see that there is no http traffic captured. You need to start http proxy for intercepting the http traffic and injecting malicious code. Start the http.proxy.sslstrip by setting it’s value as true. You will be able to intercept the http traffic.

Getting Credentials.

Here I am using http login page. Run the command inurl: http login page in google. On the first link you will get Here I am using test  as username and thisisdummypassword  as password.
Now open the generated file pentest.pcap in wireshark and take a look at the traffic.
Now let’s search for the credentials in the traffic. You will get the post  request in which you will find the credentials.

DNS Spoofing

DNS Spoofing is used to send spoofed responses. There are various parameters available that can be used on various occasions. Here I am using to give the list of domains that I want to spoof. Use help dns.spoof  to get more information on parameters.
Use command set and give the name of the domains you want to spoof. Here I am using I am diverting the traffic to my default apache page.
Let's take a look on the
At the terminal and you can see that the response is spoofed.


The bettercap is swissknife for pen-tester, security auditors who can perform various types of attacks in one place. Here arp.spoof, net.spoof, http.proxy and dns spoofing modules are used. I hope you find this article interesting and you learned something new.

Users also read:

June 8, 2021
How To Use The Veil Framework To Get Around Antivirus Protection.

This post is to show how to evade anti-virus detection using the Veil framework, which is a set of tools built for penetration testing.

May 19, 2021
How to perform Man in the middle attack with Ettercap

Man in the middle attack allows the attacker to eavesdrop between clients, servers, and people. This attack may include HTTPS connections, SSL/TLS connections, and more. In this tutorial, I am going to use Ettercap to perform Arp poising in the man-in-the-middle attack with the help of Wireshark.

April 28, 2021
How To Access Android Phone Camera Using Kali Linux

In this tutorial, we will take a picture from the victim's smartphone camera without their knowledge. However, please note that this is post is for educational purposes and I have no responsibility for any illegal activity.

Leave a Reply

Your email address will not be published. Required fields are marked *

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram