
I am using bettercap command line to perform a Man in the Middle attack on my LAN network with an EDUCATIONAL purpose (of course!).

I want to intercept the TCP traffic, with the intention to view on my terminal the TLS certificate, public key, etc. When I want to enable the TCP proxy by typing `bettercap -T [ip addr of a host in my network] --tcp-proxy`, I get an error message which says: `No TCP proxy upstream server specified (--tcp-proxy-upstream-address ADDRESS).`

What is a TCP proxy upstream server and where do I find its address?

Thank you so much if you would help me with this issue.

  • Did you read [the manpage](https://www.bettercap.org/legacy/#tcp)? According to that, it looks like you need to point it at whatever the target server is that the client will be communicating with, so bettercap knows where to send the packets. There are some examples that may help. – multithr3at3d Jun 16 '20 at 21:01
  • @multithr3at3d thank you for your reply. But do you have any idea where to find the address of a particular server that I want to target? – Alice Langertton Jun 16 '20 at 21:33
  • If you were trying to intercept a particular connection, you would know the server's address, likely from a packet capture. But it seems like you are trying to look at all connections? You don't need to do any proxying; as long as you are MITM you will be able to see all of the traffic. – multithr3at3d Jun 16 '20 at 22:36
  • @multithr3at3d what I am trying to do is to view the TLS connection by using bettercap. So I want bettercap to display to me on the terminal, for example, the certificate, the public key and other necessary information from the TLS handshake phase (when a client connects to a server). So in practice I want, for example, to access "shopify.com" on my web browser and I want bettercap to show me the certificate of the web server of shopify, the public key, the key exchange algorithm that the client and the server agreed on, etc. To have this information, should I use the `--tcp-proxy` module? – Alice Langertton Jun 16 '20 at 22:59
  • @multithr3at3d because the only way I can have information about the TLS connection is by TCP packets, isn't it? – Alice Langertton Jun 16 '20 at 23:00
  • Well, I've never used Bettercap. But I know it will arpspoof to force the victim's traffic through your computer. So if you just did that, and opened Wireshark, you should be able to see the victim's traffic there. The TCP proxying is probably only useful if you want to modify things. – multithr3at3d Jun 16 '20 at 23:17

0 Answers
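Added example, not part of the original question or comments: the last comment suggests reading the handshake from a capture, and this Python parser shows which negotiated parameters a ServerHello record exposes to a passive observer, including why the certificate is visible in TLS 1.2 but not in TLS 1.3. The sample records are constructed, and `parse_server_hello` and `build_sample` are hypothetical names.

```python
import struct

# A few IANA cipher suite IDs for the demo (not exhaustive).
SUITES = {0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          0x1301: "TLS_AES_128_GCM_SHA256"}
VERSIONS = {0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ServerHello (hypothetical helper)."""
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack_from("!H", record, 3)[0]
    hs = record[5:5 + rec_len]
    if rec_len < 4 or len(hs) < rec_len or hs[0] != 0x02:
        raise ValueError("truncated record or not a ServerHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 38 or len(body) < 38 + body[34]:
        raise ValueError("ServerHello body too short")
    version = int.from_bytes(body[0:2], "big")   # legacy_version field
    pos = 35 + body[34]                          # skip random + session id
    suite = int.from_bytes(body[pos:pos + 2], "big")
    pos += 3                                     # suite (2) + compression (1)
    if pos + 2 <= len(body):                     # extensions are optional
        end = min(len(body), pos + 2 + int.from_bytes(body[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            # supported_versions (0x002b) carries the real version in TLS 1.3
            if etype == 0x002B and elen == 2 and pos + 6 <= end:
                version = int.from_bytes(body[pos + 4:pos + 6], "big")
            pos += 4 + elen
    return {"version": VERSIONS.get(version, hex(version)),
            "cipher_suite": SUITES.get(suite, hex(suite)),
            # TLS 1.3 encrypts the Certificate message; TLS 1.2 and earlier
            # send it in the clear during a full handshake.
            "certificate_in_cleartext": version < 0x0304}

def build_sample(suite: int, tls13: bool) -> bytes:
    """Constructed ServerHello record: zeroed random, empty session id."""
    ext = struct.pack("!HHH", 0x002B, 2, 0x0304) if tls13 else b""
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    body += struct.pack("!H", len(ext)) + ext
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for suite, tls13 in ((0xC02F, False), (0x1301, True)):
        print(parse_server_hello(build_sample(suite, tls13)))
```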