HOW TO HACK ANY WIFI CONNECTION WITH BETTERCAP
There are many tools out there for Wi-Fi hacking, but few are as integrated and well-rounded as Bettercap. Thanks to an impressively simple interface that works even over SSH, it’s easy to access many of the most powerful Wi-Fi attacks available from anywhere. To capture handshakes from both attended and unattended Wi-Fi networks, we’ll use two of Bettercap’s modules to help us search for weak Wi-Fi passwords.
Read more cybersecurity articles here Cybersecurity Archive
Wi-Fi Hacking Frameworks
The idea of organizing tools into useful frameworks isn’t new, but there are many ways of doing it. Frameworks like Airgeddon include an incredible amount of bleeding-edge Wi-Fi hacking tools but cannot be used over a command line. That’s because Airgeddon requires the ability to open new windows for different tools to run, so if you’re communicating with a Raspberry Pi over SSH, you can forget launching many Wi-Fi hacking tools.
Bettercap allows access to the tools needed to swiftly scout for targets, designate one, and grab a WPA handshake to brute-force. While we won’t be working with any WPS recon modules today, our setup will allow you to audit for weak WPA passwords with ease. The way Bettercap is organized allows for anyone within proximity of a target to probe for weak WPA passwords while staying stealthy and undetected.
WPA Hacking with Bettercap
Bettercap is described as the Swiss Army knife of wireless hacking. To that end, it has a lot of modules for sniffing networks after you connect to them, as well as other modules looking at Bluetooth devices. The most straightforward use of Bettercap is to use the scanning and recon modules to identify nearby targets to direct attacks at, then attempt to identify networks with weak passwords after capturing the necessary information.
Our targets, in this case, will be two kinds of networks: attended and unattended. Attended networks are easier to attack, and a larger number of tools will work against them. With an attended network, there are people actively using it to download files, watch Netflix, or browse the internet. We can count on there being devices to kick off the network that will give us the information we need to try to crack the password.
Unattended networks are trickier to target. Because they do not have devices with an active data connection on them to disconnect, these networks were typically unable to yield the information needed to audit for a weak password. With the PMKID approach to cracking WPA passwords, that’s no longer the case. The tool is integrated as one of the Wi-Fi hacking modules and makes it even easier to attack.
Brute-Forcing Power Work arounds
Bettercap doesn’t directly break the passwords of networks it targets, but it would be impossible to do so without the information Bettercap provides. Once a handshake is captured, you’ll need to use a brute-forcing tool like Hydra or Aircrack-ng to try a list of common passwords against the hash you’ve captured. How quickly it will happen depends on a few factors.