How to create a fake AP on BackTrack 5 r2

Hi to all!

In my last MITM test I needed to create a fake AP that relays all incoming traffic to a wireless interface connected to the Internet.

I had some trouble doing this with brctl (because you cannot create a bridge with a wireless interface), so I built a slightly laborious setup with the help of iptables. Obviously, you need two wireless cards to follow this (one for the softAP – wlan1 in this tutorial – and one connected to the Internet – wlan0 in this tutorial).

First, you need to install a dhcp server:

Backup the default DHCP server configuration file:

Create a new DHCP server configuration file:

and add these lines into the file:

Then, start wlan1 in monitor mode:

Now, you have the interface mon0. So start your softAP (the -e option is used to specify the softAP ESSID, while the -c is used to specify the 802.11 channel):

This will create a new interface called at0. Setup this interface:

Now add a route for the traffic:

and setup new iptables rules:

Start the DHCP server on the at0 interface:

Now all the people that connect to your fake AP will be routed transparently to the Internet.
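The setup above (an unauthorized BSSID that beacons a chosen ESSID and hands out addresses to anyone who associates) is exactly what a wireless IDS looks for from the other side. The following script is an added example, not part of the original post or of the FakeAP script: it takes a list of beacon observations (BSSID, ESSID, channel, privacy) and flags two patterns, an unknown BSSID advertising an ESSID that belongs to an authorized AP (an evil twin, with a note when the security mode is weaker than the real one) and a single BSSID that advertises many different ESSIDs (the behaviour of an AP that answers every probe). The `AUTHORIZED` inventory and the `SAMPLE` observations are constructed sample data.

```python
"""Rogue / evil-twin access point detection over beacon observations.

Added example, not from the original post or the FakeAP script. The
authorized-AP inventory and the observations below are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    bssid: str
    essid: str
    channel: int
    privacy: str  # "OPEN", "WPA2", ...


@dataclass(frozen=True)
class Finding:
    kind: str    # "evil_twin" or "multi_essid_responder"
    bssid: str
    detail: str


# Hypothetical inventory: the APs the organisation actually operates.
AUTHORIZED = {
    "00:11:22:aa:bb:01": ("CorpWiFi", "WPA2"),
    "00:11:22:aa:bb:02": ("CorpWiFi", "WPA2"),
}

# Constructed sample observations, as a monitor-mode capture would yield.
SAMPLE = [
    Observation("00:11:22:aa:bb:01", "CorpWiFi", 6, "WPA2"),
    Observation("00:11:22:aa:bb:02", "CorpWiFi", 11, "WPA2"),
    Observation("de:ad:be:ef:00:01", "CorpWiFi", 6, "OPEN"),      # evil twin, open
    Observation("de:ad:be:ef:00:02", "free WiFi", 1, "OPEN"),
    Observation("de:ad:be:ef:00:02", "Honeypot", 1, "OPEN"),      # same BSSID,
    Observation("de:ad:be:ef:00:02", "HomeNet-5G", 1, "OPEN"),    # many ESSIDs
]


def detect_rogue_aps(observations, authorized=AUTHORIZED, essid_threshold=3):
    """Return a list of Findings for BSSIDs that look like rogue APs.

    essid_threshold: how many distinct ESSIDs one unknown BSSID may
    advertise before it is reported as answering arbitrary probes.
    """
    authorized = {bssid.lower(): v for bssid, v in authorized.items()}
    # ESSID -> privacy mode expected from the legitimate network.
    expected_privacy = {essid: priv for essid, priv in authorized.values()}
    essids_seen = defaultdict(set)   # bssid -> ESSIDs it has advertised
    reported = set()                 # (bssid, essid) pairs already flagged
    findings = []

    for obs in observations:
        bssid = obs.bssid.lower()
        essids_seen[bssid].add(obs.essid)
        if bssid in authorized:
            continue  # our own AP, nothing to flag
        if obs.essid in expected_privacy and (bssid, obs.essid) not in reported:
            reported.add((bssid, obs.essid))
            detail = (f"unknown BSSID advertising '{obs.essid}' "
                      f"on channel {obs.channel}")
            if obs.privacy != expected_privacy[obs.essid]:
                detail += (f"; privacy {obs.privacy} instead of "
                           f"{expected_privacy[obs.essid]}")
            findings.append(Finding("evil_twin", bssid, detail))

    for bssid, essids in essids_seen.items():
        if bssid not in authorized and len(essids) >= essid_threshold:
            findings.append(Finding(
                "multi_essid_responder", bssid,
                f"advertised {len(essids)} distinct ESSIDs: {sorted(essids)}"))
    return findings


if __name__ == "__main__":
    for finding in detect_rogue_aps(SAMPLE):
        print(f"[{finding.kind}] {finding.bssid}: {finding.detail}")
```

On the constructed sample this reports `de:ad:be:ef:00:01` as an evil twin of CorpWiFi running open instead of WPA2, and `de:ad:be:ef:00:02` as a BSSID advertising three different ESSIDs. In practice the observations would come from a monitor-mode capture and the inventory from the wireless controller; the logic stays the same.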

If you are too lazy to follow this tutorial, you can use a script I made to speed up fake AP creation.

Download it -> FakeAP.tar. Now decompress all the files in the same directory. Launch the script with:

When your tests are done, destroy the AP with:

Feel free to leave a comment or to contact us. Any feedback will be appreciated!


11 thoughts on “How to create a fake AP on BackTrack 5 r2”

  1. hey man
    I was working on this for the past day or so. Had a little trouble with the server (impatient), but after a couple of articles and tweaking, yours helped me solve my problem.

    The uses of this are really quite fun. Especially if you utilize the PLN on most OSs and can get a client that isn’t connected to anything to connect to you by capturing probe request packets of non-existent systems and setting up your AP with those settings.
    Fun, fun, fun, fun!

    I was just gonna head on but I noticed it was a new site so I decided to show my thanks!
    I will be checking back for more of your updates.
    Feel free to email me!

    1. Thank you for the feedback man!
      Yes, using fake AP for MITM attack can be very fun 🙂
      You are welcome here 🙂

  2. Hey, I tried your script and well, it works really well. I did some modifications to it though

    pastebin.com/pemtLhmW

    Nothing major, hope you don't mind. I do not take credit for the script, but I was wondering. I've run into a little problem with airbase: you see, if I connect to “free WiFi” directly using that SSID I get an IP set up correctly, but if I try and connect to say “Honeypot” (which is an incorrect SSID that doesn't exist) I do get associated but don't receive an IP address. Since I'm using the -P -C 30 flags with airbase-ng it should accept it all? Any ideas on what's up with it?

    1. Thank you my friend!
      There is no problem with modifying the script, feel free to adapt it to your needs! 🙂
      For your problem, I haven’t tried the -P flag, but the script should work the same.
      However it seems interesting 🙂 I will experiment with it in the next days 🙂
      Stay tuned 🙂

    2. Ok I’ve tried my script with the -P -C 30 flag and it works as expected.
      Maybe it’s the xterm command in your version of script that create the problem?

    3. Seems weird, “xterm -e ” & “just run whatever inside ” in a separate xterm window. I like to see what's happening when I'm APing, maybe could use Konsole instead, I'll check it out! =)

      1. Maybe it’s the “APname” that cause some trouble inside the command string?

  3. Hi, I was trying the same
    but for some reason I can't get the DHCP server to work,
    see

    http://pastebin.com/cmBXZyYs

    Do you guys have a clue what I am doing wrong?

    I am using the same dhcpd.conf as you
    and changed the firewall rule
    iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
    to
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    which is my cabled network

    Kind regards
