Hello BT community.
19/11/2009 download links updated
Download wlan_0.8.1a.tar.bz2 from Mediafire.com
Download wlan_0.8.1a.tar.bz2 from Uploadingit.com
It will be extracted four files:
tar xjf wlan_0.8.1a.tar.bz2
You don't have to extract the airchat.tar.bz2. Just leave it in the same place with wlan_nick.sh. The script will extract it to the right place.
(You must be root and connected to the Internet to continue.)
The 1st time that you will run the script it will create backup-working folders (default is /root/wlan_nick/), it will download any programs that they are missing (usually dnsmasg,squid3,sarg) and it will create backups (iptables, conf files etc) so we can restore them, if we want, the next time that we will run this scripts.
After downloading,installing,backup you will prompted to configure sarg. (language, date format and full urls).Choose as you want. After this you will prompted to enter the interface that you are connected to the Internet.This could be point-to-point (ex ppp0), ethernet (ex eth0) or wirelessly (ex wlan0). After that you must enter the wireless interface that we will use for the creation of the fake AP. This could be any card that can support injection. If that card is a Atheros based card then you will prompted to download and install madwifi-ng drivers (revision 4073) patched for injection, so we can use them to create a : "master mode" AP (very high speeds) or a "monitor mode + airbase-ng" AP (also high speeds).
To see if your card supports master mode please check this link: Compatibility - madwifi-project.org - Trac
It is highly recommended to install madwifi-ng ( you will be able to uninstall them the next time that you will run this script) even if your card can't support master mode. But if it supports, then you can consider your self as a lucky one. If you don't want to install them just continue and it will use ath5k or ath9k kernel modules. Note that if you don't own a Atheros card you will not be prompted to install-use madwifi-ng.
Next, the script will bring up a monitor mode interface and you must enter that when you will prompted. After that you will be prompted to enter optional inputs:
a) ESSID : [You must enter the ESSID] Can be any printable, up to 31, characters long (except space and "\")
b) MAC address : [Optional] Can be any HEX character. Excact 12 characters long
c) Channel : [optional] Can be any number from 1 to 13.
d1) Blank for OPEN (No encryption)
d2) ASCII password: 5 or 13 characters ASCII (ex aaaaa or aaaaaaaaaaaaa)
d3) HEX password : 10 or 26 characters HEX (ex ab:cd:ef:01:23 or ab:ab:ab:ab:ab:ab:cd:ef:01:23:45:56:67)
Please follow this link for exxtra info:
After that you must choose one of the following modes:
1. Simple WLAN
2. Transparent Proxy-ed WLAN
3. Transparent SSLstriped WLAN
4. Transparent Proxy-ed and SSLstriped WLAN
5. Upside down, Blur, Swirl client's browser images
6. Forced downloading files
7. Air chat
8. Anonymous Surfing (TOR tunnel)
1. There is nothing to say. Your clients will be connected to the Internet.
2. Your clients will be transparently proxyed and connected to the Internet. (you can use sarg)
3. Your clients will be transparently SSLstripped and connected to the Internet.
4. Your clients will be transparently proxyed & SSLstripped and connected to the Internet (you can use sarg) In this mode reports from sarg doesn't show domain names (only IPs) because traffic comes from sslstrip.
5. Your clients browser images will be Upside Down or Blured or Swirled.
Check this link for further information: Upside-Down-Ternet
6. In this mode our clients are forced to download ,when they ask to, our files.
The script it will create four zero byte files in /tmp/bad_files/ folder. These files are : test.exe, test.rar, test.zip and test.doc.
When a client tries to download a exe or rar or zip or doc file from any site then the script will serve to them one of the above files.(Matching the extesion of it)
[Mode 6 example: Let's say we want our client to execute a keyloger file. That file is called keylog.exe. All we have to do is to rename the keylog.exe to test.exe and copy it to /tmp/bad_file/. Now when a client tries to download a exe file ,let's say acrobat_reader.exe ,it will be forced to download every time our keylog.exe wich will be renamed to acrobat_reader.exe and the download location will be the original ]
7. When a client tries to connect to a web site, he will be forced to chat with your box via web browsers.
8. Your clients will surf anonymously in to the web using a TOR exit node.
For modes 5 and 6 please follow this link:
For mode 7 please follow this link:
For mode 8 please follow this link:
Choose 1-6 and you are ready to go. Connect a client to your WLAN and if you choose 2, 4, 5 or 6 then open up a console and type sarg. Then go to (default) /root/wlan_nick/squid-reports/ and open index.html to see who-when-what they are visiting.
If you choose 3 or 4 then a file will be created at /root/wlan_nick/output-ssl.log which is sslstrip's log. Open it up to see SSL related traffic, or you can do:
The second time that you will run this script you will prompt to restore files - uninstall(if installed) madwifi-ng - restore iptables. Do as you want. The followings are the same as the 1st time.
cat output-ssl.log | grep 'SECURE POST'
After you run it at least one time, a wlan.conf file will be created at your $HOME_DIR and it will look like this:
SYSTEM_UPDATED yes = stands for apt-get update. (Don't change that)
RESTORE_MODE yes = If you don't want to be prompted every time to restore-uninstall set it to "no"
SSLSTRIP_DL no = If you want to try sslstrip 0.6 set it to yes. The next time it will download and install ver 0.6 of sslstrip. I found out that it's a little bit slow than the 0.1 that comes with BT4
SARG_RECONF no = If you want to be prompt every time to reconfigure sarg set it to yes.(for testing)
ATH_PROMPT yes = If you have a Atheros based card and you don't want to be prompted to install madwifi-ng set it to no. Also if it is set to yes and you don't own a atheros card you will not be prompted.
INET_WIRELESS_PROMPT yes = if you don't want to be prompted to enter every time for internet and wireless interfaces set it to no. The script will be use the following three tags
INET_CONX ppp0 = How we are connected to the internet
WIRELS_IFACE wlan = Our wirelles interface
WIFACE_MON mon0 = Our wirelles interface in monitor mode
ESID_MAC_CHAN_PROMPT yes =If you don't want to be prompted to enter every time for essid,mac,channel and encryption set it to no. The script will be use the following five tags
ESSID Free_wifi = The name of the AP
MC_ADDRS 00:11:22:33:44:55 = The MAC address of the AP (Could be blank)
CHANNEL 7 = The channel of the AP (could be blank)
ENCRYPTION = What encryption type we will use. This could be : OPEN, ASCII_40, HEX_40, ASCII_104, HEX_104
KEY = OPEN (for no encryption). Or the WEP key (40 or 104 bits) that we have entered
Nbpps_USE no = If we want to change the default value for number of packets per second who transmided then we set it to "yes".If no then we use the default value 100.
Nbpps_VALUE = This sets the number of packets per second transmission rate (default: 100). Available values are : 1 - 1000
MTU_MON 1400 = The MTU value of our monitor mode interface
Don't forget to leave a space after the tags in wlan.conf.
If you don't want to mess things leave it as it is. The script will work just fine.
This script is tested with:
Running on BT4PF (kernel 188.8.131.52) it should work with newer kernel.
Internet from pppoA and wirelessly
Wireless cards: Atheros AR5001X+ (ath5k and ath_pci) and zydas zd1211rw
clients: BT4PF and windows XP SP3 EN
MOD EDIT: Changed thread title based on the OP's wishes.
Old title: How to: E-Z setup a Multi-Mode WLAN based on a Fake AP