Build Me Up BetterCAP

BetterCAP is a flexible and powerful tool for MITM or Man in the Middle attacks on wireless networks. BetterCAP is built into popular hacking Linux distros such as Kali and Parrot and Aline Linux and is also available on other platforms. The tool has become quite popular, pushing its predecessor EtterCAP to near irrelevance.

History of BetterCAP

As its name suggests, BetterCAP is a better version of Ettercap, a once popular but still available tool for network sniffing and MITM attacks. Both have the same purpose, but BetterCAP is far more updated and fully extensible. Ettercap was released in March of 2015 written in C. However, EtterCAP has become stagnant at some point as it did not support newer protocols along with some stability issues, prompting developer @evilsocket to create BetterCAP.

The first version of BetterCAP was written in Ruby with some basic MITM and sniffing functions. It stayed with Ruby up to version 1.6.2. Beginning with version 2 released on February 2018, BetterCAP was written from the ground up using the Go programming language.

One of the advantages to BetterCAP is it having fewer dependencies than EtterCAP and its own earlier versions. It’s now distributed as a single binary and can be used on any OS or platform. The new version is also optimized and won’t bottleneck the network while in use, meaning users can operate more stealthily. The developer no longer supports the Ruby version and recommends the most updated. The latest version is as of August 2021, version 2.32.

Installation and Usage

BetterCAP is built into popular hacking Linux distros such as Kali, Parrot OS, and Alpine Linux. New versions can be pulled from Github. BetterCAP is also supported in BSD, Android, Windows and MacOS. There are only three dependencies for Linux, and even less if you’re not doing HID attacks.

As mentioned, BetterCAP is used for MITM attacks as well as network sniffing against Wi-Fi networks, Bluetooth Low Energy Devices, HID devices, and Ethernet networks. BetterCAP can be used three ways. It has a cool WebUI for ease of use, an interactive terminal session and lastly a scripting mode for automating tasks thanks to a built-in JavaScript engine. Even the command-line version is easy to use thanks to an autocomplete feature.

BetterCAP is great at wireless recon, identifying all the wireless access points in the area as well as their respective connected devices. It can provide a well-organized list whether it’s from a terminal session or on the web UI.

Once the target access point and devices are listed, the hacker can then use BetterCAP to launch a de-authentication attack to disconnect these devices. Busy users will also attempt to reconnect manually and won’t think twice about what disconnected them, falling into any traps laid out by a BetterCAP user. BetterCAP will intercept those attempts resulting in a four-way-handshake which will allow hackers to obtain raw data for the Wi-Fi credentials.

Other uses for BetterCAP include hacking into into Bluetooth connections to be able to learn things like the device’s model number, battery life and even write some data onto the device; and taking control of computers through RF devices like wireless mouse or keyboard receivers in a process called mousejacking.

Check out BetterCAP tutorials on YouTube and see how terrifyingly easy it can be to hack into your neighbor’s Wi-Fi or prank your colleague in the office using this tool. As you know, hacking into networks is illegal unless you have express permission to do so.