2

I am new with bettercap, I am trying to do a simple ARP Spoof attack. Reading the online doc, I tried with:

1) bettercap # launch bettercap '

2) set arp.spoof.targets "MYVICTIM IP" #example : 192.168.1.6

3) arp.spoof on

but this doesn't work, I can't see any of my victim's packets. Any suggestion?

catsking
  • 23
  • 1
  • 5

1 Answers1

1

You're missing 2 key things here:

  1. You need to enable full duplex arp spoofing (so the target thinks you're the router, the router thinks you're the target). Enter set arp.spoof.fullduplex true in bettercap for this.
  2. You need to tell bettercap to sniff for traffic (assuming you're not using another tool). You can do this with net.sniff on, again in bettercap.

If that cuts off the internet for the target, make sure you've enabled IP forwarding (https://unix.stackexchange.com/questions/14056/what-is-kernel-ip-forwarding).

OMGtechy
  • 111
  • 3