( ) is an attack where the attacker secretly relays and possibly alters the communications between two devices who believe that they are directly communicating with each other. In order to perform man in the middle attack, we need to be in the same network as our victim because we have to fool these two devices. Now lets initiate the attack by running our tools which is bettercap. To run bettercap we can simply open up terminal and type . To know which network interface is used we can simply type and here is what it shows us. Man-in-the-middle attack MITM bettercap -iface [your network interface which connected to the network] ifconfig In my case it is wlan0, so im just gonna type and press enter. bettercap -iface wlan0 As you can see now we already inside the tool, but it’s just a blank space without any information. In order to make our work easier we can type help and then press enter here is what it shows us. Now we have some information about this tool, but our concern here is the module. For more information we can type help followed by module’s name for example help net.probe. So, this module consist of several parameter, but for now let just keep it default and turn on the module by typing net.probe on. Now the module is already running, what actually happen is the module scanning all the devices connected to the same network as our pc, including it’s ip address, mac address and vendor’s name. To make things clearer we can type for further information. net.show So, Raspberry Pi is my device used to perform this attack and my ip address is 192.168.1.4. The router ip address is 192.168.1.1 knew it by Name column that is shows gateway and the rest is client connected to this network. Now we can choose which one to be our victim, for example im gonna choose 192.168.1.3 which is my own laptop running windows 10. Now lets see the module named arp.spoof. Just like previous module it’s consist of several parameter. First lets take a look at arp.spoof.fullduplex parameter. In order to be the man in the middle we need to fool both the victim and the router by telling the router that victim’s mac address is our mac address and telling victim that router’s mac address is our mac address. So we need to set this parameter to true by typing Secondly we need to set parameter by simply giving it ip address of our victim. So in my case it will be set arp.spoof.fullduplex true. arp.spoof.targets set arp.spoof.targets 192.168.1.3. After setting these 2 parameter we are ready to fire up this module by typing But wait a second lets go to windows 10 and type arp -a. arp.spoof on. Like we already know when we type command that my router ip’s is 192.168.1.1 and its mac is e4:**:**:**:**:e4 which is the real one. So weird thing have not happened. Lets go back to raspberry pi and fire up arp.spoof by typing net.show arp.spoof on. Now we already in the middle of our victim which is my windows 10 and my router. To make sure lets open up cmd on windows 10 and type arp -a, here is what it shows us. As we can see that the mac address of our router changed to b8:**:**:**:**:08 which is my raspberry pi mac addresses, in other word we successfully fools windows 10 by telling it that ‘i am the router’ so that every request windows 10 make will go through raspberry pi. Now we can do packet sniffing using net.sniff module, so lets turn it on by typing net.sniff on. Press enter and then im gonna move to windows 10 and open . vulnweb.com Nothing is weird on the browser everything is just fine. Now if we move to raspberry pi here is what we will see. Yeah! we know that our victim is accessing vulnweb.com as i just did on my windows 10. Long story short we are just the third person in a harmonic relationship :( Don’t forget to enjoy your life :) Previously published at https://medium.com/@luthfir96/man-in-the-middle-attack-with-bettercap-24ac2d412769
![10 Best Object-Oriented Online Programming and Design Courses 2020 [Updated]](https://firebasestorage.googleapis.com/v0/b/hackernoon-app.appspot.com/o/images%2FMQzhgEvAeOXyPo3IjFRz4IZU3K83-r85m3uu7.jpeg?alt=media&token=52050782-8c47-4a38-85af-94636f190ad2&auto=format&fit=max&w=3840)
