Wi-Fi Hacking with Bettercap

Bluetooth devices are everywhere and are used in mobile phones, watches, headphones, computers, etc. They are also a target for malicious users who aim to carry out simple or complex hacking attacks in order to collect, track or seize them. In today's guide we will see a brief description of an attack with Bettercap.

Manufacturing speaking, while Bluetooth devices support random MAC addressing, many manufacturers do not use it, allowing Hackers to use tools like Bettercap to scan and track Bluetooth devices.

How useful the information collected with Bettercap is usually depends on the device manufacturer, as Bluetooth is generally a more secure protocol than WiFi, if properly implemented of course. Unfortunately for end consumers, many manufacturers do not choose to take advantage of protocol security such as random MAC addressing, so they broadcast the same MAC address everywhere. This makes it easy to track and makes it easy to determine what kind of device is behind the Bluetooth.

bettercamp bg

In this guide, we will use Bettercap to find Wi-Fi APs, do de-authenticate the clients and record them hashes with a PMKID attack.

Step #1: Install Bettercap

There are several ways to install Bettercap, but perhaps the easiest is to download and install it from the Kali repository

kali > sudo apt install better cap

better cap

Additionally, you can install the dependencies and then install the gems

bettercap1

kali > sudo gem install better cap

Step #2: Check your network adapter

Next, we need to check the Wi-Fi adapter. If you're using a VM like VirtualBox or VMware Workstation, you'll probably need an external USB Wi-Fi adapter (I use Alfa's network card. It's simple, cheap, and most importantly, it works!). Use the ifconfig command in Linux to find your adapter name.

kali > sudo ifconfig

bettercap2

Note that my adapter is called wlan0. Yours may be different. The key is to know what your system has named the Wi-Fi adapter.

Step #3: Start Bettercap

Next we need to start bettercap. As we'll be using it for Wi-Fi hacking, we'll need to tell bettercap on startup to use it wlan0 (will use eth0 by default).

kali > sudo better cap –iface wlan0

bettercap3

Let's take a look at the help file before we start. This is always a good first look when using a new tool.

kali > help

bettercap4

Note that only 2 are running modules, Events.stream and wifi. To display the help screen for any module, just type help followed by his name module. In this case, let's look at the wifi help screen.

kali > help Wireless

bettercap5

For starters, let's do an identification of the nearby wifi-APs.

Step #4: Check your nearby Wi-Fi APs

To launch bettercap's recon module, simply enter the command wifi.recon on.

kali > wifi.recon on

bettercap6

Bettercap now tries to find all APs in range and record their basic parameters.

We can import it wifi.show to see all found Wi-Fi APs and their basic parameters such as BSSID, SSID, encryption type and whether they use WPS and also the WPS type (1.0 or 2.0).

kali > wifi.show

bettercap7

With this information, we can choose to use another app like aircrack-ng to crack these APs or move on to one of the bettercap cracking apps.

Step #5: PKMID Attack

One of the newer wi-fi attacks is the PMKID attack (for more information on the PMKID attack, click here). One of the key advantages of the PMKID attack is that you don't have to wait for a client to connect to the AP to capture the password hash. The weakness of this attack is that it can be very slow.

To launch the PMKID attack, we must first use the command wi-fi.assoc. You can choose to connect to one or all APs within range. To connect to a single AP, follow the command wifi.assoc with the BSSID of the selected AP. To connect to all APs, follow the command with all APs.

kali > wifi.assoc ALL

bettercap8

When bettercap records the handshake, it places it in a file at ~/bettercap-wifi-handshakes.pcap (you can specify the handshake file using the parameter wifi.handshakes.file followed by the location and file name).

bettercap9

kali > wifi-assoc ALL wifi.handshakes.file /home/kali/handshakes

To crack the hashes, you should first edit them and remove all unnecessary information in the handshake reception, using hcxhextool, and then use a tool like hashcat to crack them (for more information on this procedure see guide for PMKID attack here).

bettercap10

Step #5 De-Authenticate with Bettercap

One of the often overlooked attacks against Wi-Fi APs is Denial of Service (DoS). Among the multitude of frames available in wi-fi is the frame deauthentication ή deauth frame. This box disables any user/client login to the AP and forces them to login again. This can be very useful for forcing the client to resend their hash in a traditional WPA2 attack, or if done continuously, can prevent the user/client from being able to re-authenticate, creating a denial of service situation.

Bettercap makes it simple to disable the client/user by just using the command wifi.deauth followed by the BSSID of the AP from which you want to disable clients, such as:

kali > wifi.deauth

bettercap11

To block authentication of all clients on all APs, simply use the all keyword and bettercap will start running all APs and block authentication of all clients connected to the AP.

Summary

Bettercap is a great tool for Man-in-the-Middle attacks, but I find it a bit difficult to use for Wi-Fi attacks. I have been using aircrack-ng for many years and know it well. The beauty of this industry is that there are so many different tools and I'm sure you can find one that works well for you. Many beginners may prefer Bettercap's easy-to-use interface and helpful help screens for Wi-Fi hacking.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.096 registrants.
Wi-Fi Hacking, Wi-Fi, hacking, bettercap

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).