Ethical Hacking with Bettercap's Graphical Interface

A comprehensive guide to using Bettercap's web UI for network security assessment

Introduction to Bettercap's Web Interface

While the text-based interface of Bettercap offers efficiency and lower resource usage, the graphical web interface provides a more user-friendly approach to performing network security assessments. This guide explores how to leverage the web UI to perform the same tasks we previously accomplished through the terminal.

Note: This guide assumes you have a basic understanding of Bettercap's capabilities and ethical hacking principles. All techniques should only be performed in authorized environments with proper permissions.

Getting Started with the Web Interface

1

Launching Bettercap

Start by launching Bettercap with your target interface:

bettercap -iface eth0
2

Starting the Web UI

If you're using the custom Kali image for this course, simply type:

http-ui

For standard Kali or other distributions, you'll need to install it first:

ui.update http-ui
3

Accessing the Interface

Copy the provided URL and open it in your web browser. Use the default credentials:

  • Username: user
  • Password: pass
Security Tip: It's recommended to change the default credentials for security purposes, especially if you're running Bettercap on a publicly accessible network.

Web Interface Overview

The Bettercap web interface is organized into several sections, each providing access to different functionality:

1

Events Section

Located on the right side, this shows all events and logs similar to the terminal output but in a more organized format. You can:

  • Filter events using the search bar
  • Mute specific event types by clicking on them
  • Clear all events
2

LAN Section

Displays all devices connected to the network, similar to running net.show in the terminal. Features include:

  • Play buttons to start net.probe and net.recon
  • Tags indicating which device is the gateway and which is your computer
  • Dropdown actions for each device (port scanning, adding to spoof targets)
3

Caplets Section

Provides a list of all available caplets with options to:

  • Edit caplet configurations directly in the interface
  • Save modifications
  • Run caplets with a single click
4

Advanced Section

Contains all available modules and commands, allowing you to:

  • Enable/disable modules like net.sniff
  • Modify module options
  • Execute commands without typing them

Network Reconnaissance and ARP Spoofing

ARP Spoofing Process via Web UI

1

Discovering Network Devices

Instead of manually typing commands, simply:

  1. Navigate to the LAN section
  2. Click the play button for net.probe
  3. Click the play button for net.recon

The interface will display all discovered devices with appropriate tags.

2

Adding Targets for ARP Spoofing

To perform ARP spoofing on a target:

  1. Click the arrow next to the target IP address
  2. Select "Add to ARP spoof targets"
  3. In the configuration window, check the "full_duplex" option
  4. Click "Start Spoofing"

An icon will appear next to the target IP indicating that spoofing is active.

3

Verifying the Spoof

On the target machine, run arp -a to confirm that the router's MAC address has been replaced with your attack machine's MAC address.

HTTPS Bypass Using Caplets

Warning: HTTPS bypassing should only be performed in authorized environments for educational purposes. Attacking encrypted connections without permission is illegal and unethical.
1

Running HSTS Hijack Caplet

  1. Navigate to the Caplets section
  2. Find the hstshijack caplet
  3. Click on it to view its configuration
  4. Modify any options as needed
  5. Click the disk icon to save changes
  6. Click play to run the caplet
2

Testing the HTTPS Bypass

To test that the bypass is working:

  1. Clear browsing data on the target machine
  2. Visit an HTTPS site (e.g., stackoverflow.com)
  3. Observe that it loads over HTTP instead
3

Testing HSTS Partial Bypass

For sites with HSTS, try the partial bypass technique:

  1. On the target machine, go to a search engine like google.ie
  2. Search for a site with HSTS (e.g., Facebook)
  3. Click the search result
  4. Observe if it loads over HTTP

Network Sniffing

1

Starting the Sniffer

  1. Navigate to the Advanced section
  2. Scroll down to find net.sniff
  3. Click on it to view its configuration
  4. Modify any options as needed
  5. Click the disk icon to save changes
  6. Click on net.sniff to toggle it on
2

Viewing Captured Data

Captured data will appear in the Events section. You can:

  • Filter events by typing in the search bar
  • Look for specific protocols or keywords
  • Mute irrelevant event types
3

Advanced Filtering

While the web interface provides basic filtering, for more advanced analysis:

  • Consider exporting the capture and using Wireshark
  • Wireshark offers more sophisticated filtering and analysis capabilities

Terminal vs. Web Interface: A Comparison

Terminal Interface

  • Speed: Faster execution of commands
  • Resources: Uses fewer system resources
  • Stability: Less prone to bugs and failures
  • Flexibility: Direct modification of caplets and scripts
  • Efficiency: Faster for experienced users
  • Dependencies: No need for additional modules

Web Interface

  • User-Friendliness: More intuitive visual interface
  • Learning Curve: Easier for beginners
  • Visualization: Better presentation of network data
  • Interaction: Point-and-click functionality
  • Organization: Cleaner display of events and logs
  • Configuration: Easier modification of options

Pros of Web Interface

  • Visual representation of network topology
  • Intuitive controls for common tasks
  • Easier for those unfamiliar with command-line interfaces
  • Better organization of event logs
  • Simplified configuration of modules and caplets

Cons of Web Interface

  • Higher resource consumption
  • May be slower for experienced users
  • More potential points of failure
  • Requires additional modules
  • Limited compared to terminal for some advanced operations

Key Takeaways