Arpspoof and bettercap not working: loosing victim connection

No this is what I meant.
So Kali with wifi and run the attack and eth0 diabled.

What is the result of arp -a on the target when you do that?

The target and the router had the same mac.

You mean the router and the attacker ip have the same mac?
If the target and the router have the same mac the attack doesn’t work.kali

10.0.2.15 is kali with bettercap (this is form a arp -a on my target.)

Yes, the attacker and the router, sorry.

I tried again to attack my phone with wlan0, tried to sign in to http website (I didnt try the last time), and it appears that here’s the same thing as what you told me about (attacking from bridged connection). So I see what target does, when it tries to login somwhere and what websites it visits, but again I dont see the password and the username (on http).
And the new problem comes in from this moment: I type all the same commands in bettercap again and again and connection loses again. After a while it somehow appears from nowhere. This is very strange.

in this folder “/usr/bin/bettercap” you should replace the bettercap executable file with this one https://ufile.io/joxjzflg
After that check the version it should now say bettercap v2.23

If you have installed kali as a vm on your host and you are using NAT network, you have an isolated network. If you use Kali with a Bridge Adapter you can use the same network as your host. So if your host is connected to the same network as your WiFi, Kali in bridge mode can also intercept packets from your WiFi. I hope this clarifies one thing or another.

And don’t forget that I am also a student, I let you do certain things to understand what is going on in your lab. (trial and error)
remember that everything works flawlessly for me.

1 Like

thnaks edwin For your help :),
finally
I installed the 64 kali version offered by ZAID
i have actualuy a mesage error when i run bettercap ui,
I don’t know if you have encountered this kind of problem
image

Can you tell me in which course and lecture Zaid uses Bettercap with UI? As far as I know he only uses Bettercap v2.23 without the UI. But maybe I missed something.

And that error code seems pretty clear to me. (it’s not even an error code but more of a hint)
You must have v2.24 or higher to use the UI. And if you are running v2.23 it will not work.

Hi! I have similar issues to Ingvarr and I tried to follow your instructions but it failed.
I have a machine running only Kali as a main OS. Wireless adapter supporting monitor mode etc.
When I start bettercap and run net.probe and net.recon the internet slows down a bit for my target device. When I run arp.spoof the connection get super weak and eventually crashes.

I know bettercap enables ip forwarding automatically but I still tried running the
echo 1 > /proc/sys/net/ipv4/ip_forward
but with the same effect.

Any suggestions how I can make it work?
Thanks!

hi stazia, did you find a solution for the problem ?

Hello Edwin
I am having the same problem as Milo, i can spoof http websites, get their passwords and everything but when i run “hstshijack” caplet it does not make https sites use http, this has been very frustrating to me because i have followed every single step zaid has followed and i rewatched the “bypassing https” lecture number 44 about 5 times to make sure i did every step correctly. I also keep getting an annoying message whenever i run bettercap spoof.cap, it keeps telling me “[net.sniff.dns] dns gateway > local : (my ip address but written in the opposite direction).in-addr.arpa is Non-Existent Domain”

Just move on to something else. bettercap is really a waste of your time. This course is a few years old. And a lot has changed in the meantime. By using HSTS it is no longer that easy to perform an https downgrade attack.

Thank you for your reply
But isnt this section one of the most important part of ethical hacking? Sniffing data from connection attacks, or will zaid explain how to use a different tool eventually throughout the course. Also is there a newer version of this course?

Sniffing data is indeed very important, but not in this way. If they assume the most ideal circumstances, you’ve lost me. (turn firewall + updates + av off etc…) You can sniff data in many ways. You can use ettercap (not bettercap),wireshark,rogue access point,evil twin etc… If you do a search here on the forum for bettercap you will see that a lot of people have trouble with bettercap. Because of the new techniques that browser + website developers use, it is no longer as easy as it is told in those videos.

Thank you for your help, Edwin
okay, but can u explain why it keeps saying “[net.sniff.dns] dns gateway > local : (my ip address but written in the opposite direction).in-addr.arpa is Non-Existent Domain”
Thank you in advance

Knowing the basics of sniffing is important, and that’s why it is there in the course. Nowadays, performing sniffing attacks is not easy because of the browser security and developer’s codebase. But in cases where security is not implemented correctly, it can still be performed. That’s why knowledge of these techniques is essential.