Bettercap :: WiFi

The document discusses WiFi modules in Bettercap that allow scanning WiFi networks, capturing handshakes, spoofing access points, and attacking clients. It provides commands to control WiFi reconnaissance and deauthentication attacks. Notes explain setting the WiFi interface and region before starting modules. Parameters customize settings like the handshake file, channels to hop to, and access point details for spoofing. Examples show using ticks to periodically deauth clients or hop channels for scanning.

Uploaded by

waraceo
WIFI
The WiFi modules use a WiFi interface supporting monitor mode and packet injection in order to:

- scan the 802.11 spectrum
- perform deauthentication attacks on connected client stations
- perform RSN PMKID based clientless attacks on vulnerable access points
- automatically sniff and save key material either from complete WPA/WPA2 handshakes or PMKID packets
- send spoofed management beacons to create fake access points

Note

The interface only needs to support monitor mode and packet injection; bettercap itself will switch it to the right mode. Just make sure no other processes are using the same WiFi interface.

Note

These modules are natively supported on macOS with the default interface en0. Just make sure the interface is not connected to any WiFi network and then start bettercap with:

sudo bettercap -iface en0

Commands
[Link] on

Start 802.11 wireless base stations discovery and handshakes/PMKID capture.

[Link] off
Stop 802.11 wireless base stations discovery.

[Link]

Clear all access points collected by the WiFi discovery module.

[Link] BSSID

Set 802.11 base station address to filter for.

[Link] clear

Remove the 802.11 base station filter.

[Link] BSSID

Send an association request to the selected BSSID in order to receive an RSN PMKID key (use all , * or [Link] to iterate over every access point).

[Link] BSSID

Start an 802.11 deauth attack: if an access point BSSID is provided, every client will be deauthenticated, otherwise only the selected client (use all , * or [Link] to deauth everything).

[Link]

Show current wireless stations list (default sorting by RSSI).

[Link] BSSID

Show WPS information about a given station (use all , * or [Link] to select all).

[Link] CHANNEL

Comma separated list of channels to hop on.

[Link] clear

Enable channel hopping on all supported channels.


[Link]

Inject fake management beacons in order to create a rogue access point (requires [Link] to run).

Parameters
parameter         default         description
[Link]                            If filled, the use this inte of the one p the -iface argument or automatical
[Link]            BO              Set the WiFi value before the interface
[Link]            30              Set WiFi tran power to th before activ interface.
[Link]            -200            Minimum W strength in d
[Link]            false           If true, wifi.s show the de manufacture
[Link]                            Defines a re expression fi [Link]
[Link]            rssi asc        Defines sort ( rssi , bssi channel encryption clients sent , rcvd direction ( a for [Link]
[Link]            asc             Defines sort for [Link]
[Link]            0               If greater tha defines limit [Link]
[Link]            250             If channel h enabled (em [Link] ), this is t milliseconds algorithm w every chann doubled if b 5.0 bands ar
[Link]            ~/[Link]        File path of to save hand
[Link]                            If set, the w read from th instead of th interface.
[Link]-broken     true            If true, dot11 an invalid ch be skipped.
[Link]                            Comma sep BSSID to ski sending ass requests.
[Link]            false           If true, mess [Link] w suppressed.
[Link]            false           Send associ requests to networks.
[Link]                            Comma sep BSSID to ski sending dea
[Link]            false           If true, mess [Link] be suppress
[Link]            true            Send wifi de to open net
[Link]            FreeWifi        SSID of the point.
[Link]            <random mac>    BSSID of the point.
[Link]            1               Channel of t access poin
[Link]            true            If true, the f point will us otherwise it open AP.

Examples
Run bettercap using eth0 as the main interface but start the wifi module on wlan0 instead:

sudo bettercap -iface eth0 -eval "set [Link] wlan0; [Link] on"

Keep deauthing clients from the access point with BSSID [Link] every five seconds:

> set [Link] 5; set [Link] "[Link] [Link]"; ticker on

Use the ticker and [Link] modules to create a WiFi scanner (performing
channel hopping on every supported frequency):

> set [Link] "clear; [Link]"; [Link] on; ticker on

Sort by BSSID and filter for BSSIDs starting with F4 :

> set [Link] bssid asc
> set [Link] ^F4
> [Link]

Only recon on channels 1, 2 and 3:

> [Link] 1,2,3; [Link] on

Send management beacons as the fake access point “Banana” with BSSID [Link] on channel 5 without encryption:

> set [Link] Banana
> set [Link] [Link]
> set [Link] 5
> set [Link] false
> [Link] on; [Link]
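
A defender-side check for the spoofed beacons described above, as an added example that is not part of the original bettercap documentation: it compares observed beacons against an inventory of authorised access points and reports SSID, channel and encryption mismatches. The `Beacon` record, the `AUTHORISED` inventory, the finding names and every MAC address are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    encrypted: bool  # True when the beacon advertises WPA/WPA2 (RSN)


# Constructed inventory of authorised access points (hypothetical site data).
AUTHORISED = {
    "02:00:00:00:00:01": Beacon("CorpNet", "02:00:00:00:00:01", 1, True),
    "02:00:00:00:00:02": Beacon("CorpNet", "02:00:00:00:00:02", 6, True),
}


def audit_beacon(seen, inventory=AUTHORISED):
    """Return the reasons a beacon looks spoofed; an empty list means consistent."""
    known = inventory.get(seen.bssid.lower())
    findings = []
    if known is None:
        # Unknown transmitter: only of interest if it advertises one of our SSIDs.
        peers = [ap for ap in inventory.values() if ap.ssid == seen.ssid]
        if peers:
            findings.append("ssid-from-unknown-bssid")
            if not seen.encrypted and all(ap.encrypted for ap in peers):
                findings.append("encryption-downgrade")
        return findings
    # Known BSSID: every advertised attribute must match the inventory record.
    if seen.ssid != known.ssid:
        findings.append("ssid-mismatch")
    if seen.channel != known.channel:
        findings.append("channel-mismatch")
    if known.encrypted and not seen.encrypted:
        findings.append("encryption-downgrade")
    return findings


# Constructed observations, as they might be parsed from a monitor-mode capture.
SAMPLES = [
    Beacon("CorpNet", "02:00:00:00:00:01", 1, True),   # legitimate
    Beacon("CorpNet", "02:00:00:00:00:01", 5, False),  # cloned BSSID, open
    Beacon("CorpNet", "02:AA:BB:CC:DD:EE", 5, False),  # same SSID, new BSSID
    Beacon("Banana", "02:11:22:33:44:55", 5, False),   # unrelated network
]

if __name__ == "__main__":
    for b in SAMPLES:
        print(b.ssid, b.bssid, audit_beacon(b) or "ok")
```

Legitimate channel changes (for example automatic channel selection) also raise `channel-mismatch`, so the inventory has to track the channels the infrastructure actually assigns.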