ACCEPTpolicy in the
arp.spoof.targetsis the list of targets whose ARP tables will be poisoned
arp.spoof.internalis an option that allows bettercap to choose which addresses to spoof. If set to
true, machines from the same subnet as the client victim will be spoofed (i.e. their IP addresses will be matched to the attacker's MAC address on the victim client's ARP table). To put it simply, this option needs to be set to
truewhen the attacker wants to be the man-in-the-middle between two machines of a same subnet. When the victim client and the spoofed server are on different subnets, this option can be left to
arp.spoof.fullduplexis an option that, when set to
true, will make bettercap automatically try to poison the gateway's ARP table so that packets aimed at the victim client also get intercepted.
arp.spoofis a trigger to set to
onwhen starting the ARP poisoning,
offwhen stopping it. This trigger will also enable packets forwarding (i.e. write
/proc/sys/net/ip/ip_forward) while the
arp.bantrigger will disabled that and the poisoned victim will not have access to the spoofed machines anymore.
any.proxy.ifaceallows to set the interface to redirect packets from
any.proxy.protocolcan be set to
TCPto specify on which transport protocol the packets to reroute will transit
any.proxy.src_addressrefers to the destination address of the packets to reroute. This usally has to be set to the spoofed server IP address. Packets that were originally sent to that server will be rerouted and sent to another one. This option has to be set when doing the rerouting technique.This option can be blank. Bettercap will then reroute every packet received without filtering on the address. For instance, this is useful when doing a WSUS or DNS spoofing attack on multiple victims at the same time.
any.proxy.src_portrefers to the destination port of the packets to reroute. This usally has to be set to the spoofed service port. Packets that were originally sent to that server will be rerouted and sent to another one. This option has to be set when doing the rerouting technique.
any.proxy.dst_addressrefers to the IP address the matched packets are to be sent to. For instance, when doing WSUS or DNS spoofing attacks in a rerouting technique mode, this option has to be set to the IP address of the attacker's server.
any.proxy.dst_portrefers to the port the matched packets are to be sent to.
.capfile and launched with bettercap with the following command and options
bettercap --iface $interface --caplet caplet.cap
Settings > Update & Security > Windows Update > Check for updates.