I'm not a networking genius, so I'm kind of coming at this with just the information on https://www.bettercap.org/ and https://github.com/bettercap/bettercap/. And I'm not sure if any of my later errors are due to earlier setup, so I'm just gonna walk through the whole thing.
- Bettercap version:
bettercap v2.24.1 (built for windows amd64 with go1.12.4)
- OS version and architecture you are using: Windows 10 Pro 64-bit 1903
- Go version if building from sources.
- Command line arguments you are using.
- Caplet code you are using or the interactive session commands.
- Full debug output while reproducing the issue (
bettercap -debug ... ).
Steps to Reproduce
Download the Windows file from the releases page.
Does it need to be unblocked? Is that a relevant security issue? The ZIP file shows as blocked when downloaded. But, I'm not sure it behaves any differently when unblocked. I'll proceed by unblocking then extracting.
At this point,
bettercap.exe does nothing when invoked (maybe an error message here would help).
There are more install pre-reqs.
For every new release, we distribute bettercap’s precompiled binaries. In order to be able to use them, you’ll need the following dependencies on your system:
libusb-1.0-0 (required by the HID module)
I don't understand what "need... on your system" means for Windows. In the same folder as
bettercap.exe? Installed to some well-known system location?
I'm not sure where to get libpcap for Windows... WinPcap is obsolete, Npcap is current (but, will it work?), and libpcap is a source code archive (do I need to build one)?
I'll go with Npcap, for now, with these settings.
For libusb, I assume on Windows we're looking for something like
libusb-1.0.dll. It looks like this is the official website and the downloads come from their GitHub releases page. This is another blocked archive. I'll unblock and extract.
There is no installer, it's just a DLL (actually, several DLLs for different... platforms?). I'll choose
libusb-188.8.131.52z\MS64\dll\libusb-1.0.dll. I don't know where to "install" this, but this issue indicates...
Just make sure that's in the same directory as bettercap.exe
Now we're in business! I ran in an Administrator PowerShell session otherwise, I get a sketchy UAC pop-up from Npcap.
WARNING: This terminal does not support colors, view will be very limited.
bettercap v2.24.1 (built for windows amd64 with go1.12.4) [type 'help' for a list of commands]
10.0.75.0/24 > 10.0.75.1 »
I am unable to update caplets.
10.0.75.0/24 > 10.0.75.1 » caplets.update
[11:16:12] [sys.log] [inf] caplets creating caplets install path /usr/local/share/bettercap/ ...
[11:16:12] [sys.log] [err] open /tmp/caplets.zip: The system cannot find the path specified.
At this point, I'm looking for
bettercap's data folders, because I see it's still referencing Linux paths (
/usr/local/share/bettercap). I found files in
C:\! This is an extremely non-standard path for Windows applications.
Some paths that might make sense on Windows include (I'm not finding great references on the use and expectations of these locations):
Using my new knowledge, if I manually create
C:\tmp, then I can update caplets.
PS> mkdir C:\tmp
10.0.75.0/24 > 10.0.75.1 » caplets.update
[11:16:59] [sys.log] [inf] caplets downloading caplets from https://github.com/bettercap/caplets/archive/master.zip ...
[11:16:59] [sys.log] [inf] caplets installing caplets to \usr\local\share\bettercap\caplets ...
Now, I can update the UI and run the HTTP server.
10.0.75.0/24 > 10.0.75.1 » ui.update
[11:24:22] [sys.log] [inf] ui checking latest stable release ...
[11:24:23] [sys.log] [inf] ui downloading ui v1.3.0 from https://github.com/bettercap/ui/releases/download/v1.3.0/ui.zip ...
[11:24:24] [sys.log] [inf] ui installing to \usr\local\share\bettercap\ui ...
[11:24:32] [sys.log] [inf] ui installation complete, you can now run the http-ui (or https-ui) caplet to start the UI.
10.0.75.0/24 > 10.0.75.1 » http-ui
[11:25:06] [sys.log] [inf] api.rest api server starting on http://127.0.0.1:8081
Although, the log dumps a lot of
wtf messages on start and while poking around the UI.
wtf: caplet C:\usr\local\share\bettercap\caplets\ap.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\gps.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\http-ui.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\https-ui.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\local-sniffer.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\mana.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\massdeauth.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\mitm6.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\netmon.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\pita.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\rogue-mysql-server.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\simple-passwords-sniffer.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\crypto-miner\crypto-miner.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\download-autopwn\download-autopwn.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\fb-phish\fb-phish.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\gitspoof\gitspoof.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\hstshijack\hstshijack.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\http-req-dump\http-req-dump.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\jsinject\jsinject.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\login-manager-abuse\login-man-abuse.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\proxy-script-test\proxy-script-test.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\rtfm\rtfm.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\tcp-req-dump\tcp-req-dump.cap not found
wtf: caplet C:\usr\local\share\bettercap\caplets\web-override\web-override.cap not found
Expected behavior: What you expected to happen
It would be good for bettercap to follow Windows standards, conventions, and user expectations. And it would be good if the docs were more complete for Windows users. A summary of the items that I found above...
- [ ] Note whether the bettercap Windows archive needs to be unblocked.
- [ ] Provide an error message if pre-requisites are not found.
- [ ] Provide instructions/links for installing libpcap on Windows via Npcap.
- [ ] Provide instructions/links for installing libusb on Windows via their website (also, note unblocking and "install" by copy/paste... or consider bundling the tested version of libusb with bettercap for Windows?)
- [ ] Explain the sketchy UAC pop-up coming from Npcap.
- [ ] Write files to the correct Windows location.
- [ ] Test for and create your required data directories if they do not exist (to avoid errors, say, when trying to download
- [ ] Figure out why bettercap writes these
wtf messages to the logs on Windows
Actual behavior: What actually happened
The Windows experience is a little rough.