Bettercap

From Embedded Lab Vienna for IoT & Security
Revision as of 19:57, 15 February 2020 by Dsloan (talk | contribs) (finished practical steps)

Summary

This documentation is about bettercap, more specifically its Bluetooth-related functionality. The bettercap tool is described on its website as "the Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks".[1] In this Wiki entry, bettercap is installed on a Raspberry Pi Model 4 B and tested against a Bluetooth Low Energy tea light.

Requirements

  • Raspberry Pi Model 4 B
  • Operating system: Raspbian Buster
  • Packages: build-essential, libpcap-dev, libusb-1.0-0-dev, libnetfilter-queue-dev
  • BLE device

Installation

Step 1

Install the prerequisites

sudo apt install golang git build-essential libpcap-dev libusb-1.0-0-dev libnetfilter-queue-dev

Step 2

Install bettercap

go get github.com/bettercap/bettercap 
cd go/src/github.com/bettercap/bettercap 
make build 
sudo make install 

Step 3

Run bettercap

sudo bettercap

Practical Demonstration

The following shows the output after starting bettercap. Note that the subnet and the IP address of the Raspberry Pi are shown.

[Screenshot: Sudo bettercap.png]

After bettercap is running, a list of available commands and modules can be displayed using the command

help

[Screenshot: Bettercap help.png]

Enter help followed by a module name to get further help on that module

help ble.recon

[Screenshot: Bettercap help ble.recon.png]

Turn on ble.recon and list the available BLE devices

ble.recon on
ble.show

[Screenshot: Bettercap ble recon on show.png]

Various information is available from these commands, such as the RSSI, the MAC address (BD_ADDR), the vendor, the flags that show which version of Bluetooth is supported, whether it is possible to connect to the device, and the time it was discovered. The Playbulb Candle has been discovered, and from the output it is possible to see that it only supports BLE, as BR/EDR is not supported.

To list the services and characteristics of a device, use the command

ble.enum MAC

In this case, for the Playbulb Candle:

ble.enum DC:48:4B:0F:AC:E6

[Screenshot: Bettercap ble enum.png]

Attempts to change the values of characteristics can be made with

ble.write MAC UUID HEX_DATA

Results can be seen in the following screenshot.

[Screenshot: Bettercap ble write.png]

To end BLE scanning using bettercap, use the command

ble.recon off
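The recon steps above can also be run non-interactively so that the list of discovered devices lands in a log file that can be compared against a known inventory on later runs. The script below is an added example, not part of the wiki page or of bettercap; it uses bettercap's -eval flag with the same commands typed interactively, and the scan duration, log path and helper names are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the wiki page): run the BLE reconnaissance steps
# from a script so the device list is captured in a plain-text log.
# Assumptions: bettercap is on PATH and is run via sudo, as on the page;
# SCAN_SECONDS and LOG are defaults chosen here, not taken from the page.

SCAN_SECONDS="${SCAN_SECONDS:-20}"
LOG="${LOG:-/tmp/ble-recon-$(date +%Y%m%d-%H%M%S).log}"

# Build the command sequence that bettercap's -eval flag accepts: the same
# commands used interactively above, separated by ';' and ended with quit.
ble_recon_commands() {
    printf 'ble.recon on; sleep %s; ble.show; ble.recon off; quit' "$1"
}

# Run the scan with colours disabled so the saved log is clean text.
run_ble_recon() {
    sudo bettercap -no-colors -eval "$(ble_recon_commands "$SCAN_SECONDS")" 2>&1 | tee "$LOG"
}

# Count distinct BD_ADDRs in a saved log (case-normalised), e.g. to notice a
# device that was not present in the previous run.
count_ble_macs() {
    grep -oiE '([0-9a-f]{2}:){5}[0-9a-f]{2}' "$1" | tr 'A-Z' 'a-z' | sort -u | wc -l | tr -d ' '
}

if [ "${1:-}" = "run" ]; then
    run_ble_recon
    echo "distinct BLE devices seen: $(count_ble_macs "$LOG")"
fi
```

Invoke it as `sh ble-recon.sh run`; keeping the dated logs lets a lab compare which BLE devices were visible, and connectable, from one day to the next.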

Used Hardware

  • Raspberry Pi 3 Model B+ (Raspberry Pi 3, Model B+, WLAN, BT)
  • Raspberry Pi® 3 Model B, 1GB LPDDR2 RAM
  • MiPow Playbulb Candle

Courses

References