TCP¶

If you want to actively modify packets of a TCP protocol which is not HTTP or HTTPS, you’ll need the TCP proxy. This event-based proxy will allow you to intercept anything sent/received to/from a specific host using your own custom module.

Sample Module¶

The following example module won’t do anything but dumping the data being transmitted from/to the target, you can access the event object in order to modify the data on the fly.

If you want to load such module and dump all the ( let’s say ) MySQL traffic from/to the mysql.example.com host you would do:

sudo bettercap --tcp-proxy-module example.rb --tcp-proxy-upstream mysql.example.com:3306

And you would be ready to go.

Options¶

`--tcp-proxy`¶

Enable the TCP proxy ( requires other --tcp-proxy-* options to be specified ).

`--tcp-proxy-module MODULE`¶

Ruby TCP proxy module to load.

`--tcp-proxy-port PORT`¶

Set local TCP proxy port, default to 2222.

`--tcp-proxy-upstream-address ADDRESS`¶

Set TCP proxy upstream server address.

`--tcp-proxy-upstream-port PORT`¶

Set TCP proxy upstream server port.

`--tcp-proxy-upstream ADDRESS:PORT`¶

Set TCP proxy upstream server address and port ( shortcut for --tcp-proxy-upstream-address ADDRESS and --tcp-proxy-upstream-port PORT ).

TCP¶

Sample Module¶

Options¶

--tcp-proxy¶

--tcp-proxy-module MODULE¶

--tcp-proxy-port PORT¶

--tcp-proxy-upstream-address ADDRESS¶

--tcp-proxy-upstream-port PORT¶

--tcp-proxy-upstream ADDRESS:PORT¶