If you want to actively modify packets of a TCP-based protocol other than HTTP or HTTPS, you’ll need the TCP proxy. This event-based proxy lets you intercept anything sent to or received from a specific host using your own custom module.
The following example module does nothing but dump the data being transmitted to and from the target; you can access the event object in order to modify the data on the fly.
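A stand-alone sketch of what a dump-only module does with each event, added here as an illustration; it is not bettercap's own example module and cannot be loaded by bettercap as written. `Event`, `DumpModule`, `hexdump` and the hook names `on_data` / `on_response` are assumptions made for this example, and the payloads are constructed.

```ruby
# Added example, not bettercap code: Event and DumpModule are hypothetical
# stand-ins so the sketch runs without the framework installed.
Event = Struct.new(:data) # assumption: the event exposes the payload as `data`

# Render a byte string as offset / hex / ASCII columns, 16 bytes per row.
def hexdump(bytes)
  bytes.b.bytes.each_slice(16).each_with_index.map do |row, i|
    hex   = row.map { |b| format('%02x', b) }.join(' ')
    ascii = row.map { |b| (0x20..0x7e).cover?(b) ? b.chr : '.' }.join
    format('%08x  %-47s  |%s|', i * 16, hex, ascii)
  end.join("\n")
end

class DumpModule
  attr_reader :log

  def initialize
    @log = []
  end

  # Hook for data travelling from the client to the upstream server.
  def on_data(event)
    record('client -> upstream', event)
  end

  # Hook for data travelling from the upstream server back to the client.
  def on_response(event)
    record('upstream -> client', event)
  end

  private

  # Log direction, size and a hexdump; the payload itself is left untouched.
  def record(direction, event)
    @log << "#{direction} (#{event.data.bytesize} bytes)\n#{hexdump(event.data)}"
    event
  end
end

# Constructed sample payloads standing in for one request and one response.
def demo
  mod = DumpModule.new
  mod.on_data(Event.new("SELECT 1;\n"))
  mod.on_response(Event.new("\x01\x00\x00\x01\x01".b))
  mod.log
end

puts demo if __FILE__ == $PROGRAM_NAME
```

The dump makes visible how much of an unencrypted protocol is readable by anything sitting on the path between client and server.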
If you want to load such a module and dump all the (let’s say) MySQL traffic to and from the mysql.example.com host, you would do:
sudo bettercap --tcp-proxy-module example.rb --tcp-proxy-upstream mysql.example.com:3306
And you would be ready to go.
Enable the TCP proxy (requires other --tcp-proxy-* options to be specified).
Ruby TCP proxy module to load.
Set local TCP proxy port, default to
Set TCP proxy upstream server address.
Set TCP proxy upstream server port.
Set TCP proxy upstream server address and port (shortcut for --tcp-proxy-upstream-address ADDRESS and --tcp-proxy-upstream-port PORT).