arp-and-dns-spoofing-with-bettercap

ARP and DNS Spoofing with Bettercap

Hi Everyone! welcome to pentestguy. In this article, we are going to focus on ARP spoofing and DNS spoofing with bettercap. When it comes to ARP spoofing or DNS spoofing bettercap is work like a butter.

What is Bettercap?

Bettercap is a sniffer that is a powerful, easily extensible, and portable framework written in Go that aims to offer security researchers, red teamers, and reverse engineers an easy-to-use, all-in-one solution with all the features they might need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices, and Ethernet networks.

As we know that Bettercap has lots of features as a sniffer, we are going to try here one of the basic features of it. People think that there is nothing going to be affected if someone monitors their traffic. But the thing is that if the data flows in plaintext, where the data will be credentials then it’s risky.

Install Bettercap

There are two ways to install Bettercap, the first is via golang and another one is using apt. Here we are using apt, run the below command to install bettercap on your Kali or parrot linux.

sudo apt install bettercap

Bettercap help

Now run the bettercap by simply typing the bettercap command in the terminal and you will get an interactive mode, to check all possible options use the help command.

bettercap-help

Scan for the available clients/targets connected to the network using the below command.

net.probe on
bettercap-net-probe-on

ARP Spoofing – Capture the http traffic

ARP spoofing, or Address Resolution Protocol spoofing, is a type of cyber attack where an attacker sends fake Address Resolution Protocol (ARP) messages over a local area network. These fake messages associate the attacker’s MAC address with the IP address of a legitimate network device, diverting traffic intended for that device to the attacker’s computer. This can be used for various malicious purposes, such as eavesdropping on network communications or launching further attacks.

After identifying the target, you need to perform ARP spoofing using the below command.

1: Check help for with the ARP spoofing module.

help arp.spoof
arp-spoofing-module-help

2: Turn on the ARP spoof module with all the required target inputs.

set arp.spoof.fullduplex true 
set arp.targets 192.168.79.129 
arp.spoof.on 
net.sniff on
arp-spoof-settings

3: Able to capture the http requests only, for https you can give a try for the tool named sslstripe

capture-http-traffics

DNS Spoofing

DNS spoofing is like giving someone the wrong phone number for a friend they want to call. Instead of reaching their friend, they end up talking to someone else. Similarly, in DNS spoofing, a sneaky trickster gives your device the wrong address for a website you want to visit, so you end up on a fake or harmful website instead of the real one.

1: Check help for with the DNS spoofing module.

help dns.spoof
dns-spoof-module-help

2: Set all the required options for DNS spoofing like target, domain, etc., and turn on the dns.spoof module

set dns.spoof.address 192,168.79.130 
set dns.spoof.domains amazon.com 
dns.spoof on
dns-spoof-settings

3: Go to your target system and test whether DNS spoofing is working fine or not.

Check using the ping utility

ping amazon.com
dns-spoofing-works-ping

Check-in browser

dns-spoofing-works-browser

Make sure that this article is purely for educational purposes only and we performed the practical in a self-hosted environment.

If you found this post helpful then please share it with your co-workers and friends. Please provide your valuable comments and let us know if there are any suggestions. Now you can also collaborate with us please check our collaboration page, thank you!