
No access to my fake AP



There are 2 sides talking here, the AP and the client. Which side is saying it's taking too long and what is the other side saying?

If the logs are insufficient in showing the cause of the problem, try running Wireshark on the wireless interface and look at the traffic.

Link to comment
Share on other sites

Sorry for the delay, I only had 3 posts yesterday. I'm not running any server, just created a fake AP after running airodump-ng and then airbase-ng with the same MAC address and network name as my home network... What I noticed is when I look for my fake AP sometimes it shows the fake one and sometimes it shows the real one.

Link to comment
Share on other sites

Looks like Cooper solved it again :) He's right, unless you have a DHCP server running, there is nothing to assign an IP address to your client trying to connect. Configure the IP manually and it should connect. That's not good though for auto-connecting with an automatically assigned IP address so, get a DHCP server up and running.

This excerpt is taken from the Ubuntu forums, but I think Kali will also work to grab this one:


Open up a terminal and type:

sudo apt-get install isc-dhcp-server

There are two main files, /etc/default/isc-dhcp-server and /etc/dhcp/dhcpd.conf, which we will need to configure, so let's take the first.

Open up a terminal and using your favorite text editor type:

sudo vim /etc/default/isc-dhcp-server

You should get the following:

# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/isc-dhcp-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"

Replace eth0 above with the name of your network interface that you want the server to lease addresses on. Onto the next file.

Open up a terminal and type:

sudo vim /etc/dhcp/dhcpd.conf

which should give you the output below.

#
# Sample configuration file for ISC dhcpd for Debian
#
# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
# configuration file instead of this file.
#
#
....
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
option domain-name "comtech.com";
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet netmask {
range;
option routers;
option subnet-mask;
option broadcast-address;
option domain-name-servers,;
option ntp-servers;
option netbios-name-servers;
option netbios-node-type 8;
......
}

This needs a little bit of explaining.

  1. Adjust your settings according to your network requirements.
The option domain name is your dns zone name. For example mine is set to comtech.com.
Range should be the range of ip addresses that you want the server to give out to clients.

Now restart the dhcp service by typing:

sudo service isc-dhcp-server restart

That's it!! Your DHCP server should be running.

Link to comment
Share on other sites

Airbase-ng documentation specifies you need to serve DHCP and DNS for a valid interface that has internet access, or at least, the DHCP needs to work. What you serve as the internet is up to you though.


Edited by digip
Link to comment
Share on other sites

  • 2 weeks later...

explain everything

I think you'll find the answer to that is a resounding 'no'. People here are more than happy to help, but if you run into a snag don't ask for someone to "explain everything". Instead, find out where in the process you're following things go sideways. Think long and hard about why that might be. Try a ton of variations to this - alternate parameters to programs, config file changes, that sort of thing. Google the CRAP out of it. Still can't get it to work? Ask about that specific part of the process. You'll get a lot better responses that way.

Link to comment
Share on other sites

And you can. But my experience is that you learn by doing first and asking when you get stuck. And when you get stuck halfway through something, don't assume everything you've done up until that point was for naught. Ask about that specific part by explaining what you see happening, what you expected to be happening instead, why you think those two things are different and what you've tried to fix it.

People here are more than happy to help, but you've got to show you've been doing some legwork yourself too.

Link to comment
Share on other sites

ok here is my /etc/dhcpd.conf

default-lease-time 600;
max-lease-time 7200;
subnet netmask {
option subnet-mask;
option broadcast-address;
option routers;
option domain-name-servers;

and then i typed this

root@kali:~# ifconfif at0 netmask
bash: ifconfif: command not found
root@kali:~# route add -net netmask gw
root@kali:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@kali:~# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
root@kali:~# iptables --append FORWARD --in-interface at0 -j ACCEPT
root@kali:~# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination
root@kali:~# iptables -t nat -A POSTROUTING -j MASQUERADE
root@kali:~# dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0

so i got this;

Internet Systems Consortium DHCP Server 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
lease no subnet.
lease no subnet.
lease no subnet.
Wrote 0 leases to leases file.
Listening on LPF/at0/c4:e9:84:0c:91:e6/
Sending on LPF/at0/c4:e9:84:0c:91:e6/

and then i typed this:

/etc/init.d/isc-dhcp-server start

this is what got

[....] Starting isc-dhcp-server (via systemctl): isc-dhcp-server.service
Job for isc-dhcp-server.service failed. See 'systemctl status isc-dhcp-server.service' and 'journalctl -xn' for details.

Link to comment
Share on other sites

Here's a really stupid thought:

How's about you do what the error message tells you?

You know, running "systemctl status isc-dhcp-server.service" and "journalctl -xn". Rumor has it doing that will result in some details. Oooh, I think I just heard someone yell "google". I wonder why...

Link to comment
Share on other sites

root@kali:~# journalctl -xn
-- Logs begin at Thu 2015-12-24 04:45:32 EST, end at Thu 2015-12-24 13:04:34 EST. --
Dec 24 13:04:15 kali isc-dhcp-server[42588]: ^
Dec 24 13:04:15 kali isc-dhcp-server[42588]: Configuration file errors encountered -- exiting
Dec 24 13:04:15 kali isc-dhcp-server[42588]: If you think you have received this message due to a bug rather
Dec 24 13:04:15 kali isc-dhcp-server[42588]: than a configuration issue please read the section on submitting
Dec 24 13:04:15 kali isc-dhcp-server[42588]: bugs on either our web page at www.isc.org or in the README file
Dec 24 13:04:15 kali isc-dhcp-server[42588]: before submitting a bug. These pages explain the proper
Dec 24 13:04:15 kali isc-dhcp-server[42588]: process and the information we find helpful for debugging..
Dec 24 13:04:15 kali isc-dhcp-server[42588]: exiting.
Dec 24 13:04:26 kali dhclient[24972]: DHCPDISCOVER on wlan0 to port 67 interval 8
Dec 24 13:04:34 kali dhclient[24972]: DHCPDISCOVER on wlan0 to port 67 interval 12

Link to comment
Share on other sites

root@kali:~# systemctl status
● kali
State: degraded
Jobs: 0 queued
Failed: 5 units
Since: Thu 2015-12-24 04:45:28 EST; 8h ago
CGroup: /
├─1 /sbin/init
│ ├─avahi-daemon.service
│ │ ├─826 avahi-daemon: running [kali.local
│ │ └─827 avahi-daemon: chroot helpe
│ ├─inetd.service
│ │ └─516 /usr/sbin/inetd -i
│ ├─dbus.service
│ │ └─536 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
│ ├─ModemManager.service
│ │ └─509 /usr/sbin/ModemManager
│ ├─cron.service
│ │ └─513 /usr/sbin/cron -f
│ ├─wpa_supplicant.service
│ │ └─24903 /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
│ ├─accounts-daemon.service
│ │ └─507 /usr/lib/accountsservice/accounts-daemon
│ ├─colord.service
│ │ └─719 /usr/lib/colord/colord
│ ├─atd.service
│ │ └─511 /usr/sbin/atd -f
│ ├─systemd-journald.service
│ │ └─189 /lib/systemd/systemd-journald
│ ├─udisks2.service
│ │ └─1053 /usr/lib/udisks2/udisksd --no-debug
│ ├─upower.service
│ │ └─706 /usr/lib/upower/upowerd
│ ├─packagekit.service
│ │ └─838 /usr/lib/packagekit/packagekitd
│ ├─systemd-logind.service
│ │ └─522 /lib/systemd/systemd-logind

Link to comment
Share on other sites

oops I think i got into the wrong forum...

Not so fast! I decided to set up my own hosted AP to show you how it's done! (and I've been meaning to get this going anyway)

I figured it out, and made my own guide, try this one it'll work this time :) Hint: use hostapd not airbase

Your main problem is your config file(s) with incorrect input, or placed in the wrong place... Follow along with this closely and get it right, substituting your proper interface, etc, where it needs to go.


apt-get install hostapd udhcpd udhcpc

hostapd - which will use your desired and compatible interface to enable "master" mode/AP mode

udhcpd will be your dhcp server daemon (for giving ips to devices connecting to your AP)

udhcpc will be your dhcp client (for getting an ip address from your internet connected interface)


After installing the required daemons and dhcp client, first let's create your hostapd config file...

These commands should be run as root

I'm using wlan0 as my access point, and wlan1 has the internet access to share with devices connected to my AP! (on wlan0) :)


nano /etc/hostapd/hostapd.conf

shift+insert this default config and customize it (change interface, ssid, and wpa_passphrase, leave other options unless you run into issues)


Ok so now you have that saved as /etc/hostapd/hostapd.conf

hostapd should work now, but NetworkManager conflicts with it, more specifically wpa_supplicant does. This is because when the network manager is managing your interfaces it automatically keeps your interfaces in managed mode (or whatever mode its using) which will interrupt the process of starting the access point.

Let's make sure hostapd works real fast before we continue. You may need to specify the proper driver name for you if yours is different than nl80211 or wext. (I'm already assuming you know your device is capable of AP mode)

Do: (to stop the conflicting network manager and wpa_supplicant)

systemctl stop NetworkManager
systemctl stop wpa_supplicant

Then: (start hostapd in the background and -d for more verbose output {in case things don't work out, you can see more of what could've gone wrong})

hostapd -d -B /etc/hostapd/hostapd.conf

If you see something like this at the end:

"wlan0: interface state UNINITIALIZED->ENABLED


wlan0: Setup of interface done."

Now you should see it visible and popup in network scans! If you try to connect though there isn't any DHCP server running to give you one.

2. Now let's get your DHCP server working...

nano /etc/dhcp/dhcpd.conf

configuration to use as your gateway IP for your AP, which gives IP addresses from - and gives them openDNS directly as their DNS. (let's just make sure it works we can force them to use our own dns server later) :D

ddns-update-style none;
ignore client-updates;
subnet netmask {
# --- default gateway
option routers;
# --- Netmask
option subnet-mask;
# --- Broadcast Address
option broadcast-address;
# --- Domain name servers, tells the clients which DNS servers to use.
option domain-name-servers,,;
option time-offset
default-lease-time 1209600;
max-lease-time 1814400;

With that config saved, running these next two commands should work:

ifconfig wlan0 netmask

dhcpd wlan0

First we make sure we have wlan0 with the same IP we put for default gateway in the dhcpd.conf, then run the dhcp daemon for wlan0.

If all went well you should now be able to connect to your access point and automatically get assigned an IP address from our dhcp daemon we launched and will stay running in the background giving out IP addresses as needed.

3. Let's now get our internet sharing interface (wlan1) set up to share its access with our clients connected to our AP (wlan0)

If you remember now, wait a minute, since we had to stop NetworkManager and we can't use it at the same time as hostapd how are we going to connect our wlan1 interface to get internet to share with wlan0 AP clients?

Restarting the NetworkManager service won't do us any good, it will screw up your hostapd and just give you internet back on your wlan1.. So what can we do?

Answer: We have to connect with wpa/wpa2 and stay connected via the command line in some way.

a. manually use wpa_supplicant to authenticate, and udhcpc to get a dynamic IP address.

b. configure your internet interface in /etc/network/interfaces and use "ifup wlan1" and let it handle the wpa_supplicant for you.

Either way create a /etc/wpa_supplicant/wpa_supplicant.conf with credentials to your access point with internet that you're going to share on your hostapd hosted AP...

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev


for method a, do:

#start wpa_supplicant in background for [interface that has internet]
wpa_supplicant -B -i wlan1 -D nl80211,wext -c /etc/wpa_supplicant/wpa_supplicant.conf

#obtain an ip address from dhcp server on your network that has internet access
udhcpc -i wlan1 
#dhclient -i wlan1 #or you could use this one

You should now be connected to the internet with one interface, and simultaneously hosting an AP with the other. You still don't get internet with your clients connected to your hosted AP though until->

sysctl -w net.ipv4.ip_forward=1
#replace wlan1 with the interface that has internet
iptables --table nat --append POSTROUTING --out-interface wlan1 -j MASQUERADE
#replace wlan0 with the interface with your hosted AP
iptables --append FORWARD --in-interface wlan0 -j ACCEPT

Now you should have internet working everywhere :D Internet on your main machine, with one interface getting internet wirelessly, and a second interface hosting an access point that shares it!

For method b, edit /etc/network/interfaces set to something like this

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

iface wlan1 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet static

I have the IP configured manually, but you could change it to "iface wlan1 inet dhcp" and skip the other lines below it for dhcp instead of manual IP selection.

Then instead of the wpa_supplicant and udhcpc/dhclient commands, just do:

ifup wlan1

This way it should still connect and maintain your connection similar to what NetworkManager would do, but without using it.

Now you have your very own hosted access point that shares internet from another access point! :D

My Success In Action:



The two scripts I ended up with to automate launching my custom pineapple (sort of)


#wlan0 will be my hosted access point, and wlan1 is the interface with internet access...

systemctl stop NetworkManager
systemctl stop wpa_supplicant

ifconfig wlan0 up netmask
sleep 2
#start dhcp server for [your AP interface] interface
dhcpd wlan0

#start hostapd in background with specified config
hostapd -d -B /etc/hostapd/hostapd.conf 

#bring up interface and let wpa_cli handle staying connected...
ifdown --force wlan1
ifup wlan1 # edit: /etc/network/interfaces

#enable internet forwarding from wlan1 to wlan0
sysctl -w net.ipv4.ip_forward=1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface wlan1 -j MASQUERADE
iptables --append FORWARD --in-interface wlan0 -j ACCEPT


ifdown --force wlan1

killall dhcpd
killall udhcpc
killall hostapd
killall wpa_supplicant

systemctl restart NetworkManager

Surely you are able to get it working for you now :)

P.S. Hey Cooper I pulled it off using two separate interfaces one for the hosted ap and the second to get internet from. Would it work if instead it was one device virtually separated into two virtual interfaces? Anyway that's how the shared ap works in Windows (called virtual wifi sharing or something like that). Although it doesn't work well and maybe because it's trying to be an AP and a client at the same time with one physical device... This works much better, so even if one device for both would also work on linux I think it's best to have one adapter dedicated to being your AP and the other dedicated to getting that signal!

Link to comment
Share on other sites
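A consistency check for the kind of dhcpd.conf discussed in this thread, added here as an example (it is not code from any poster or from ISC): it flags the faults behind the "Configuration file errors encountered" failure above and verifies the step 2 requirement that the AP interface address matches the default gateway. The function name and both sample configs, including all addresses, are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a complete subnet block (addresses are illustrative).
GOOD_CONF = """
ddns-update-style none;
subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.10 10.0.0.50;
  option routers 10.0.0.1;          # default gateway = AP interface address
  option subnet-mask 255.255.255.0;
  option domain-name-servers 10.0.0.1;
}
"""

# Constructed sample: values left out and the block never closed.
BAD_CONF = """
default-lease-time 600;
subnet netmask {
option subnet-mask;
option routers;
"""

def _inside(addr, net):
    """True if addr parses as an IP address and lies inside net."""
    try:
        return ipaddress.ip_address(addr) in net
    except ValueError:
        return False

def lint_dhcpd_conf(text, iface_ip=None):
    """Return a list of problems in dhcpd.conf text; iface_ip is the AP interface address."""
    problems = []
    body = re.sub(r"#.*", "", text)  # drop comments
    if body.count("{") != body.count("}"):
        problems.append("unbalanced braces")
    # 'option X;' or 'range;' with nothing between the keyword and the semicolon
    for m in re.finditer(r"\b(option\s+[\w-]+|range)\s*;", body):
        problems.append("'%s' has no value" % " ".join(m.group(1).split()))
    nets = []
    for m in re.finditer(r"(?<![\w-])subnet(?![\w-])([^{;]*)\{([^}]*)", body):
        head, block = m.group(1).split(), m.group(2)
        if len(head) != 3 or head[1] != "netmask":
            problems.append("subnet line must read 'subnet <address> netmask <mask> {'")
            continue
        try:
            net = ipaddress.ip_network("%s/%s" % (head[0], head[2]))
        except ValueError as exc:
            problems.append("bad subnet/netmask: %s" % exc)
            continue
        nets.append(net)
        # every address handed to clients must sit inside the declared subnet
        for label, pattern in (("routers", r"option\s+routers\s+([\d.]+)"),
                               ("range", r"range\s+([\d.]+)\s+([\d.]+)")):
            found = re.search(pattern, block)
            for addr in (found.groups() if found else ()):
                if not _inside(addr, net):
                    problems.append("%s address %s is not a valid address inside %s"
                                    % (label, addr, net))
        router = re.search(r"option\s+routers\s+([\d.]+)", block)
        if iface_ip and router and router.group(1) != iface_ip:
            problems.append("routers %s differs from interface address %s"
                            % (router.group(1), iface_ip))
    # dhcpd only serves an interface whose address lies in a declared subnet
    if iface_ip and nets and not any(_inside(iface_ip, n) for n in nets):
        problems.append("interface address %s is in no declared subnet" % iface_ip)
    return problems

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(name, lint_dhcpd_conf(conf, iface_ip="10.0.0.1"))
```
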


big thanks for your effort, your tutorial worked well for me in the 1st time then i wanted to edit the hostapd.conf file to change the ap name and password and then i typed: hostapd -d -B /etc/hostapd/hostapd.conf so i got this error message nl80211 could not configure driver mode...i restarted my kali linux 2.0 but i got the same. maybe the hostapd still running after restart idk.

thanks again man!

Link to comment
Share on other sites


big thanks for your effort, your tutorial worked well for me in the 1st time then i wanted to edit the hostapd.conf file to change the ap name and password and then i typed: hostapd -d -B /etc/hostapd/hostapd.conf so i got this error message nl80211 could not configure driver mode...i restarted my kali linux 2.0 but i got the same. maybe the hostapd still running after restart idk.

thanks again man!

You can just call me Alf! Alfa is the company's name of wifi devices I like, and Alf is my name :) Cool that it worked to help you, as it did for me, since I may not have even figured out how to do it yet and you got me to "get around to it" faster! lol... As for hostapd not starting properly, after you restarted did you make sure you stopped NetworkManager AND the wpa_supplicant instance that it spawns? You can't just kill wpa_supplicant as network manager will launch it again to do what it needs to do, and you can't just kill network manager because it will leave a hanging running wpa_supplicant that it created...

It is also possible that nl80211 isn't the right driver for your device, but since it worked initially I doubt that's it... Actually you could figure it out easily by seeing what the network manager or ifup runs it as...


ps ax

And if you see network manager and/or wpa_supplicant you can see the driver it passes in the -D parameter of wpa_supplicant. "wext" seems to be a generic "wireless extensions" one you could try, there are others named differently depending on device and device drivers.

If you do see the network manager stop it: (or just know that it launches automatically on boot, and that you have to stop it)

systemctl stop NetworkManager
systemctl stop wpa_supplicant

or I think even

service NetworkManager stop
service wpa_supplicant stop

is another way to write it...

Another note: if you used ifup method b. instead of manually running wpa_supplicant and dhcp client to get IP, it's better because if you lose connection it'll automatically reconnect kind of like network manager would do, whereas dhcp getting an IP won't automatically get another one if you're dropped and lose the one you had. You'd have to have some code running in a loop that somehow checks to see if you're not connected anymore then re-runs dhclient or udhcpc again. That's kind of a hassle to implement and so I just use ifup and ifdown as my way of not having to write that code since it's already written there, and probably better than I would do it.

When doing it like that though I've noticed Network Manager can't seem to make use of the interface anymore since it relinquishes its control to ifup, I'm pretty sure anyway. So I've mostly stopped using network manager altogether! :)

Oh and a final thing I know I said skip every line after "iface wlan1 inet dhcp" if using the /etc/network/interfaces edit method (ifup and ifdown) but I think "wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf" should stay so really the lines after that is what I meant to stick with dhcp instead of manual ip config. Plus you can add multiple wpa networks to your supplicant .conf to roam networks as you leave the signal area of one access point and enter another.

Edited by AlfAlfa
Link to comment
Share on other sites

Hey ALF how is it going; so I guess my problem was that the hostapd keeps running even after i restart my kali linux, so i run "ps ax" and then kill hostapd pid (i wonder if there's a command line to do that)...anyway now i know how to create an access point using hostapd the question now is how to create an evil twin ap using hostapd with same bssid and essid and channel of let's say my neighbor's network and it must be open so i can force him to connect to my fake ap when i deauth his network.

Edited by The_challanger
Link to comment
Share on other sites
