As previously described in the introduction section, spoofing is the very hearth of every MITM attack. These options will determine which spoofing technique to use and how to use it.
BetterCap already includes an ARP spoofer ( working both in full duplex and half duplex mode which is the default ), a DNS spoofer and the first, fully working and completely automatized ICMP DoubleDirect spoofer in the world
Use the good old ARP spoofing:
sudo bettercap or
sudo bettercap -S ARP or
sudo bettercap --spoofer ARP
Use a full duplex ICMP redirect spoofing attack:
sudo bettercap -S ICMP or
sudo bettercap --spoofer ICMP
sudo bettercap -S NONE or
sudo bettercap --spoofer NONE or
sudo bettercap --no-spoofing
No dear 192.168.1.2, you won’t connect to anything anymore :D
sudo bettercap -T 192.168.1.2 --kill
-S, --spoofer NAME¶
Spoofer module to use, available:
NONE - default:
Disable spoofing, alias for
--spoofer NONE /
Instead of forwarding packets, this switch will make targets connections to be killed.
Enable full-duplex MITM, this will make bettercap attack both the target(s) and the router.