Friday, July 19, 2013

Cracking WIFI Passwords with just the client

Well, I got the idea for this script from Security Tube episode 26, in which Vivek Ramachandran sir explains the idea behind cracking WiFi passwords with just the client. Be sure to check that out.

Here I will be posting my own script, which I wrote this morning to automate the process. It's a bit naive, but I will certainly add things to it, like specifying the wordlist file for aircrack-ng, and if new techniques come up for cracking WiFi with just the client I will update the script when I find more info on it..

Well, you are free to do whatever you want with the script, but please note it is only for educational purposes..

Anyway, the script can be found here.

More info will be updated soon ..

Stay Safe .. Happy Hacking

Thursday, July 18, 2013


In this post we will see what we can do with the clients who have connected to us via the fake AP..

Note: if you haven't read and followed what we did in our previous post, I recommend you check that first.

MITM Wifi Honeypot - part 1

Ok.. so we have created the fake AP, our client is connected to us and we have supplied them with an address from our DHCP pool.. With all this done, let's begin the FUN part..

What will we be doing?

We will be doing DNS spoofing, that is, we will redirect all our client's requests to our own computer so that we can monitor the requests, and even modify them if we want to, and get details like the sites visited and the usernames and passwords for those sites.. and even modify those requests and responses.. Sounds like a lot of fun, let's get going..

DNS spoofing 

To do DNS spoofing type

dnsspoof -i at0

What we are doing is answering all of our client's DNS requests with our own IP address, so every hostname resolves to us.. We should be able to see something like this

Now that's done: we have DNS spoofing running and every client request is being sent to our own IP address. Next we will bind a proxy to our IP address so that we can intercept the traffic, and make it a transparent proxy so that the client can still reach the Internet.

Note: we must be connected to the Internet for the client to be able to connect to the Internet.

Ok, let's start Burp Suite.

Now go to the Proxy tab, then to its Options tab, and click on Add.

Type 80 in the "bind to port" box
and select your router address or your at0 address, in our case it is
Then click on the "request handling" tab and tick the checkbox for "support invisible proxying".
Click on OK and we are done..

Repeat the same with port number 443 to handle HTTPS requests :P

Now you can see any request the client makes in the Intercept tab, and you can tamper with it, monitor it, forward it or even drop it.. You are the BOSS now :D .. you can even get the login IDs and passwords for the different sites the client uses.. but on HTTPS sites the client will get a certificate warning.. which most of the time they ignore :D

If you have any queries feel free to ask..

Happy Hacking .. Stay SAFE 


Well, after a long time I am writing a tutorial.. I had even bought and for a year but I didn't post anything there so it just lapsed. I am sorry for not keeping up.. but now I am trying to continue this blog by posting about the things that I am trying these days...

Let's cut the crap.. and start off with our hacking.. :D

What are we doing today?

Today we will create a fake WiFi hotspot so that clients may connect to it and we can see what they are up to, and even log their Facebook or any other web service passwords if they happen to browse those sites on our hotspot.

Where can we use this?

Well, you can use it anywhere there are lots of WiFi users around, i.e. laptops, smartphones.. that have their WiFi on and are searching for WiFi networks. I would recommend places like a college campus.. well, I use them there :D

Um... So what's the tech behind it?

You will act as a valid WiFi hotspot provider.. providing free Internet access to everyone :). For those who connect to it, you will monitor all their data and then forward it to the real server; you will be acting like a man in the middle,
intercepting every piece of data, even changing it to suit your needs, forwarding it to the real server and forwarding the replies back to the client.

[CLIENT] <-------------> [ YOU ] <------------> [INTERNET] 

What are the tools required?

I use Linux and I suggest you should too, so I will be using Kali Linux. It's a Linux distribution in which all the tools required for hacking are usually pre-installed.

  1. Linux OS
  2. WiFi adapter which supports creating a hosted network
  3. Internet connection
  4. A little bit of patience
  5. And this site of course, to guide you ;)
If you have all these tools of the trade, let's get started..

Software required

If you have Kali Linux, or even BackTrack, or any distribution which has the aircrack-ng suite of tools, then you are good.. Else you need to install it from here - or you can start your terminal / console and type

apt-get update
apt-get install aircrack-ng 

NOTE: even for Kali and BackTrack users, I suggest you use dnsmasq [instead of dhcp3-server or dhcpd] and install it once again even if it's already installed.

Next you need to have dnsmasq; to get it type

apt-get install dnsmasq

Now you are ready.. Let's start..

Setting up

First we need to gather some information.. plug in your USB WiFi adapter if you have one and in terminal / console type


You should see something like this on your screen.
There you will see wlan0 or even wlan1 [if you have an extra WiFi adapter]. Take note of what you have and then type
airmon-ng start wlan0
airmon-ng start wlan1

depending on what you have. You should be able to see (monitor mode enabled on mon0)

Now that's done.. let's proceed..
Next we need to monitor the airwaves to get the names of the WiFi access points the clients are trying to connect to. To do that type

airodump-ng mon0

You should be able to see a few clients, and under Probe you will find the name of the access point each client is trying to connect to. In this example we see that the client is searching for the WiFi access point named achutetech

So we will create a fake AP with the name achutetech and try to make the client connect to us. To do this we type..

airbase-ng --essid achutetech mon0

In our example we see this

that we have successfully managed to create a fake AP, and a client was successfully associated with our fake AP. But the client will still not be fully connected to our AP since we haven't provided it with any IP address. To do so we use dnsmasq
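Seen from the other side, the fake AP created above is an open network broadcasting a name that a real, protected network already uses from a different BSSID. That is exactly the pattern a wireless intrusion detection check looks for. The following is an added example written from the defender's side; it is not part of the original post and is not airodump-ng or airbase-ng code. The scan records and the allowlist of known BSSIDs are constructed, and the tuple layout (bssid, essid, channel, privacy) is this example's own, into which a real scan would be parsed.

```python
"""Flag possible evil-twin access points in a Wi-Fi scan.

Added example, not part of the original post. SCAN and KNOWN_APS are
constructed; the record layout is this script's own, not airodump-ng's.
"""
from collections import defaultdict

# Constructed scan results: (bssid, essid, channel, privacy), privacy "OPN" = no encryption.
SCAN = [
    ("00:11:22:33:44:55", "achutetech", 6, "WPA2"),   # the real access point
    ("aa:bb:cc:dd:ee:ff", "achutetech", 6, "OPN"),    # same name, open, unknown BSSID
    ("66:77:88:99:AA:BB", "guest", 11, "OPN"),        # legitimately open network
]

# Constructed allowlist: which BSSIDs are permitted to advertise each managed ESSID.
KNOWN_APS = {"achutetech": {"00:11:22:33:44:55"}}


def find_evil_twins(scan, known_aps):
    """Return a list of findings, one per suspicious (essid, bssid) pair."""
    by_essid = defaultdict(list)
    for bssid, essid, channel, privacy in scan:
        by_essid[essid].append((bssid.upper(), channel, privacy))

    findings = []
    for essid, aps in by_essid.items():
        allowed = {b.upper() for b in known_aps.get(essid, set())}
        # If any AP with this name advertises encryption, an open one is a mismatch.
        has_secured_twin = any(p != "OPN" for _, _, p in aps)
        for bssid, channel, privacy in aps:
            reasons = []
            if allowed and bssid not in allowed:
                reasons.append("BSSID is not in the allowlist for this ESSID")
            if privacy == "OPN" and has_secured_twin:
                reasons.append("open network using a name that is also advertised as protected")
            if reasons:
                findings.append({
                    "essid": essid, "bssid": bssid,
                    "channel": channel, "privacy": privacy, "reasons": reasons,
                })
    return findings


def format_findings(findings):
    """Render findings as one alert line each, for a log or console."""
    return [
        f"ALERT essid={f['essid']} bssid={f['bssid']} ch={f['channel']} "
        f"{f['privacy']}: " + "; ".join(f["reasons"])
        for f in findings
    ]


if __name__ == "__main__":
    for line in format_findings(find_evil_twins(SCAN, KNOWN_APS)):
        print(line)
```

The unmanaged "guest" network produces no finding even though it is open, because nothing in the scan or the allowlist says it should be protected; the two checks only fire when the scan itself contradicts what is known about a name. Running this periodically over scan output from a monitoring adapter gives a cheap alarm for the hotspot described in this post.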

Note: I have tried using dhcpd or dhcp3-server, but they seem to be error-prone while configuring them, and I was getting errors like "Interface name is too long" and so on, so I switched to dnsmasq and it seems to work great :D
To verify that we have dnsmasq type

whereis dnsmasq

and to see whether we have the configuration file or not [I have noticed that even though dnsmasq was installed on Kali OS it didn't have the dnsmasq.conf file, so to get it type apt-get install dnsmasq]

and to verify that we have the config file type

ls /etc/ | grep dnsmasq

if dnsmasq.conf is returned then it's well and good, but if not try

apt-get install dnsmasq

Ok, now we have dnsmasq; we need to configure a few things. Type

vim /etc/dnsmasq.conf

[How to use vim - I will be writing a quick tutorial on it soon]
Now scroll down to around line 90; you should see

# interface=

change it to

interface=at0

(at0 is the interface on which our fake AP lies)

Now scroll down even more, to around line 141; you should see


Just remove the #

and you are good to go :D

Now we have to supply an IP address to your router [i.e. the fake AP]

To do so type

ifconfig at0 up

and to start the DHCP service type


Now your clients should be able to get an IP address for themselves.

We have finished the configuration part for now.. The fun part will be in the next post :D

Part two is ready - here is the link

MITM - WIFI Honeypot part 2

If you have any problems so far, do comment below; I will try my best to reply. Thanks..