As previously described in the introduction section, spoofing is the very hearth of every MITM attack. These options will determine which spoofing technique to use and how to use it.

BetterCap already includes an ARP spoofer ( working both in full duplex and half duplex mode which is the default ), a DNS spoofer and the first, fully working and completely automatized ICMP DoubleDirect spoofer in the world


Use the good old ARP spoofing:

sudo bettercap or sudo bettercap -S ARP or sudo bettercap --spoofer ARP

Use a full duplex ICMP redirect spoofing attack:

sudo bettercap -S ICMP or sudo bettercap --spoofer ICMP

Disable spoofing:

sudo bettercap -S NONE or sudo bettercap --spoofer NONE or sudo bettercap --no-spoofing

No dear, you won’t connect to anything anymore :D

sudo bettercap -T --kill


-S, --spoofer NAME

Spoofer module to use, available: ARP, ICMP, NONE - default: ARP.


Disable spoofing, alias for --spoofer NONE / -S NONE.


Instead of forwarding packets, this switch will make targets connections to be killed.


Enable full-duplex MITM, this will make bettercap attack both the target(s) and the router.