If you want to actively modify packets of a TCP protocol which is not HTTP or HTTPS, you’ll need the TCP proxy. This event-based proxy will allow you to intercept anything sent/received to/from a specific host using your own custom module.

Sample Module

The following example module won’t do anything but dumping the data being transmitted from/to the target, you can access the event object in order to modify the data on the fly.

If you want to load such module and dump all the ( let’s say ) MySQL traffic from/to the host you would do:

sudo bettercap --tcp-proxy-module example.rb --tcp-proxy-upstream

And you would be ready to go.



Enable the TCP proxy ( requires other --tcp-proxy-* options to be specified ).

--tcp-proxy-module MODULE

Ruby TCP proxy module to load.

--tcp-proxy-port PORT

Set local TCP proxy port, default to 2222.

--tcp-proxy-upstream-address ADDRESS

Set TCP proxy upstream server address.

--tcp-proxy-upstream-port PORT

Set TCP proxy upstream server port.

--tcp-proxy-upstream ADDRESS:PORT

Set TCP proxy upstream server address and port ( shortcut for --tcp-proxy-upstream-address ADDRESS and --tcp-proxy-upstream-port PORT ).