Bettercap is a free and open-source tool for security professionals that allows them to do network penetration testing and monitoring so that they can assess and improve the security of their networks. Well, BetterCap is primarily designed for Linux and MacOS systems, however, we can install it on Windows easily using the Windows Subsystem for Linux (WSL) or can use directly the executable file provided by the BetterCap developers. In this tutorial, we will go through the steps required to follow for the installation of Bettercap on a Windows 11 or 10 system using its executable file.
To start with this guide make sure you have the following prerequisites in place:
- Windows 11 or 10
- An active internet connection.
- Basic knowledge of the Windows command line.
#1st Method using BetterCap’s Windows executable file.
Step 1: Install Npcap on Windows 10 or 11
We need to install NCap first on our Windows system otherwise when we run the Bettercap, we will see the “Couldn’t load wpcap.dll” error.
“bettercap v2.31.1 (built for windows amd64 with go1.16.4) [type ‘help’ for a list of commands] couldn’t load wpcap.dll”
Therefore, visit the NCAP website and download its installer for Windows. Like any executable application install it as well.
Step 2: Download BetterCap
Here we are about to use the BetterCap portable zipped file available on the GitHub page of this project, so visit the link and download the latest available version that this available for Windows.
Once you have the zipped file of BetterCap on your system, unzip it by right-clicking and selecting the Extract option.
Step 3: Open CMD or PowerShell
Next, open the extracted folder in which you will see two files “bettercap.exe” and “.SHA256File”. Right-click anywhere on the blank area and select the “Open in Terminal” option.
You will see your current BetterCap extracted directory in the Terminal, now run:
To check the version you can use:
Whereas, to start the BetterCap, use:
This will start the monitoring gateway…
Alternatively, we can add the BetterCap folder to our system environment path, so that we don’t need to switch to its extracted folder again and again.
- For that, go to your Windows Search box and type “Edit the system environment variables“, you will see an option for it, so click to open the same.
- After that, hit the “Environment Variables” button.
- Select Path and then click the Edit button.
- Following that click on Browse and then select the BetterCap extracted folder on your Windows 10 or 11 PC.
- After that press the okay button to save the settings.
Now, close your CMD or Powershell and open it again, this time simply type –
bettercap --version and you will see the output.
Step 4: Install Caplets for BetterCap on Windows
In Bettercap, “caplets” are script files used to define and automate various tasks and actions within the Bettercap framework. Caplets allow users to customize and extend the functionality of Bettercap by specifying a series of commands and configurations in a structured script format.
Caplets are written in a scripting language specifically designed for Bettercap and follow a specific syntax. It can be used to perform a wide range of network-related tasks, such as Packet Sniffing, DNS Spoofing, ARP Spoofing, HTTP/HTTPS Manipulation, Password Capture, Network Scanning, and Custom Exploits. They provide a convenient way to create reusable and automated workflows, making it easier for security professionals and network administrators to achieve their specific goals during network penetration testing or monitoring.
Switch to bettercap command line, if you have not already by typing
After that run:
Step 5: Install HTTP or HTTPS UI
The http-ui and https-ui caplets in bettercap are caplet files that provide a user interface (UI) for managing and interacting with HTTP and HTTPS traffic in real-time. These caplets are useful for monitoring and manipulating web traffic on a local network. They allow you to view HTTP and HTTPS requests and responses, capture data, and perform various actions.
Step 6: Start the GUI for BetterCap on Windows 10/11
To access the GUI interface we have installed in the previous step, use the following command.
Open your local browser and type: http://127.0.0.1:80 for HTTP, whereas HTTPS uses 443 port.
You will see the BetterCap web UI login screen, the default username is – user and the password is – pass to login.
Common BetterCap command syntax:
1. Network Discovery:
Use Bettercap to discover devices on a local network:
bettercap -iface -eval "net.probe on" -eval "net.show"
2. Packet Sniffing:
Sniff all HTTP traffic on a network:
bettercap -iface -eval "set http.proxy sniff true" -eval "set http.proxy.sslstrip true" -eval "http.proxy on"
3. DNS Spoofing:
Spoof DNS responses for a specific domain:
bettercap -iface -eval "set dns.spoof.domains example.com" -eval "dns.spoof on"
4. ARP Spoofing:
Perform ARP spoofing to intercept traffic between two devices:
bettercap -iface -eval "arp.spoof on" -eval "set arp.spoof.targets " -eval "set arp.spoof.gw "
5. SSL/TLS Stripping:
Capture HTTPS traffic using SSL/TLS stripping:
sudo bettercap -iface -eval "set https.proxy.sslstrip true" -eval "https.proxy on"
6. Capturing Credentials:
Capture login credentials by filtering HTTP POST requests:
bettercap -iface -eval "set http.proxy.stream 80" -eval "set http.proxy.regex.post /(login|signin)/i" -eval "http.proxy on"
7. Man-in-the-Middle (MITM) Attack:
Perform a comprehensive MITM attack combining ARP spoofing, HTTP/HTTPS sniffing, and DNS spoofing:
bettercap -iface -eval "arp.spoof on" -eval "set arp.spoof.targets " -eval "set arp.spoof.gw " -eval "set http.proxy sniff true" -eval "set http.proxy.sslstrip true" -eval "set https.proxy.sslstrip true" -eval "set dns.spoof.domains example.com" -eval "arp.spoof on" -eval "http.proxy on" -eval "https.proxy on" -eval "dns.spoof on"
8. Passive Network Reconnaissance:
Passively discover devices and analyze their activity:
bettercap -iface -eval "net.sniff on" -eval "net.show"
9. Custom Caplets:
Create custom caplet files (e.g., mycaplet.cap) to automate specific tasks, then run them:
bettercap -iface -caplet /path/to/mycaplet.cap
<gateway_IP>, and other placeholders with your specific network and target details.
While Bettercap is primarily designed for Unix-based systems, you can still leverage its powerful features on a Windows machine either by using the Windows Subsystem for Linux or as we have guided here. With bettercap installed, you have a versatile tool at your disposal for network penetration testing and security assessments on your Windows environment. Always use it responsibly and within the boundaries of the law and ethical guidelines.