mirror of
https://github.com/bettercap/bettercap.git
synced 2025-09-06 13:52:35 +00:00
Page:
net.sniff
Pages
Caplets
Changing the Prompt
Compilation on Android
Compilation on Linux and macOS
Compilation on Windows
Cross Compilation ( ARM example )
Home
Interactive Mode
Known Issues
Using with Docker
any.proxy
api.rest
arp.spoof
ble
caplets.update
dhcp6.spoof
dns.spoof
events.stream
gps
hid
http.modules
http.proxy
http.server
https.proxy
https.server
mac.changer
mysql.server
net.probe
net.recon
net.sniff
packet.proxy
syn.scan
tcp.modules
tcp.proxy
ticker
update.check
wifi
wol
Clone
7
net.sniff
evilsocket edited this page 2019-01-28 17:42:06 +01:00
A network packet sniffer and fuzzer.
Commands
| command | description |
|---|---|
net.sniff on |
Start the packet sniffer. |
net.sniff off |
Stop the packet sniffer. |
net.sniff stats |
Print the packet sniffer session configuration and statistics. |
net.fuzz on |
Enable fuzzing for every sniffed packet containing the sapecified layers. |
net.fuzz off |
Disable fuzzing. |
Parameters
| parameter | default | description |
|---|---|---|
net.sniff.output |
If set, the sniffer will write captured packets to this pcap file. | |
net.sniff.source |
If set, the sniffer will read from this pcap file instead of the current interface. | |
net.sniff.verbose |
false |
If true, every captured and parsed packet will be sent to the events.stream for displaying, otherwise only the ones parsed at the application layer (sni, http, etc). |
net.sniff.local |
false |
If true it will consider packets from/to this computer, otherwise it will skip them. |
net.sniff.filter |
not arp |
BPF filter for the sniffer. |
net.sniff.regexp |
If set, only packets with a payload matching this regular expression will be considered. | |
net.fuzz.layers |
Payload |
Comma separated types of layer to fuzz. |
net.fuzz.rate |
1.0 |
Rate in the [0.0,1.0] interval of packets to fuzz. |
net.fuzz.ratio |
0.4 |
Rate in the [0.0,1.0] interval of bytes to fuzz for each packet. |
net.fuzz.silent |
false |
If true it will not report fuzzed packets. |
Examples
The local-sniffer.cap caplet will sniff, parse and print all packets on the local machine:
events.clear
set net.sniff.verbose false
set net.sniff.local true
# https://biot.com/capstats/bpf.html
# set net.sniff.filter not arp and not udp port 53
net.sniff on
In the wpa_handshake.cap caplet instead, the sniffer is used to capture WPA2 handshakes while the user is deauthing clients:
...
# Sniff EAPOL frames ( WPA handshakes ) and save them to a pcap file.
set net.sniff.verbose true
set net.sniff.filter ether proto 0x888e
set net.sniff.output wpa.pcap
net.sniff on
...
Change 90% of mDNS incoming packets by fuzzing 40% of their payload (will reinject fuzzed packets):
set net.sniff.verbose true
set net.fuzz.rate 0.9
set net.fuzz.ratio 0.4
set net.fuzz.silent false
set net.fuzz.layers Payload
set net.sniff.filter "host 224.0.0.251 and port 5353"
net.fuzz on
Change 100% of WiFi packets by fuzzing 70% of their Dot11InformationElement and Dot11Data layers:
set net.sniff.verbose true
set net.fuzz.rate 1.0
set net.fuzz.ratio 0.7
set net.fuzz.layers Dot11InformationElement, Dot11Data
net.fuzz on
- Known Issues
- Using with Docker
- Compilation
- Interactive Mode and Command Line Arguments
- Changing the Prompt
- Caplets
Modules
- Core
- HID on 2.4Ghz (mousejacking)
- Bluetooth Low Energy
- 802.11
- Ethernet and IP
- Servers
- Rogue Servers
- Utils