Rogue Accesspoint + MitM Sniffing tutorial

[imported_=Tron=]

The paste bin containing the script is down, is the link broken?

Really interested to try this out!!

The link is working just fine.

[hm2075]

pastebin is fine

so guys anyone figured out the exact workings of airbase?


I've been playing with it for 3 hours and still no joy, a basic wireless setup with no encryption is fine, victim connects happily, when you start using -P commands as well as -W 1, -0, the victim cannot associate, this is needed when you are targetting a specific victim, aka evil twin network type setup

another thing - aircrack team needs to allow deauth on different channels, there is no way to do this at the moment, if airbase is set on a specific channel then deauth only works on that channel

so guys --- any tips? or do we wait for the aircrack team to implement the -h MITM mode?

[StriperTS]

Be sure to check the open bug reports on the main aircrack page before you pull too much of your hair out.

-- Tom

[adri_ht_]

Wonderful thread guys!!!

Well, I followed every single line in the script and ran them myself manually. Everything seems to be working fine with the exception that at0 is not able to resolve DNS queries from the client. Every DNS query is answered with an "Unreachable Network" as showed by wireshark. There is no communication between at0 and eth0 which is the one containing internet access.

I would like to resolve this but I'm kind of stuck and I don't know where to look. The following the wireless card I'm using for the Rogue AP:

Code:

14:00.0 Ethernet controller: Atheros Communications, Inc. AR5006EG 802.11 b/g Wireless PCI Express Adapter (rev 01)

Please light me up... Thanks

[hm2075]

check out the other threads regarding iptables, that may help

[adri_ht_]

check out the other threads regarding iptables, that may help

God, five minutes later and I get it working !!! I had a misconfiguration on dhcpd.conf, for some reason I though 10.0.0.1 was the DNS resolver. Thanks to the article provided in the first post I was able to fix it. Thanks

Note: Once I launch Ettercap, the client(IPod Touch) loses its internet access.

[imported_Deathray]

When you fire up airbase-ng on your Alfa do you see the following lines?

Code:

14:38:12  Trying to set MTU on wlan0 to 1800
error setting MTU on wlan0
14:38:12  MTU on wlan0 remains at 1500

I ran into the problem described by Revelati which basically resulted in the clients only being able to surf a few webpages correctly while most would refuse to load. Setting the MTU of the at interface to match the MTU of the Alfa interface solved this problem.

Update: Finally got to actually try out your script and have to say that it works wonderfully, including the ettercap implementation and SSL. I did nevertheless need to modify the script to use MTU 1500 on at0, without which the previously described issue would occur. I also still seem to have problems connecting to the rogue AP when using the -P -C switches in airbase-ng. I also noticed the malformed packets in Wireshark when monitoring the wlan0 interface, this is however easily overcome by simply using the at0 interface instead, which is why I didn't notice it previously. I also seemed to be able to run mdk3 alongside airbase-ng using the same interface. I say seemed at this point as I have only confirmed that they both are able to run alongside each other without problems, but have not further investigating how well mdk3 works in this manner.

Glad to hear you got (most of) it working . Try leaving out the -C, if your lab has an abundant amount of access points because airbase-ng will attempt to spoof every single one of them which will most likely cause the rogue ap to stop functioning, definitely what happened in my case. And yes, I get the exact same error in Airbase regarding the mtu.
About the only few website's working, the same thing happened to me when using 1500 mtu. Kind of weird it is the opposite compared to you. But setting the mtu to 1400 as I do so in the script definitely fixed it for me. But good to know for other people troubleshooting, that MTU may be the issue, I also updated the tutorial to reflect possible MTU problems.

God, five minutes later and I get it working !!! I had a misconfiguration on dhcpd.conf, for some reason I though 10.0.0.1 was the DNS resolver. Thanks to the article provided in the first post I was able to fix it. Thanks

Note: Once I launch Ettercap, the client(IPod Touch) loses its internet access.

Ettercap working on an at* interface took me a long time to work. If /proc/sys/net/ipv4/ip_forward is set to 1, the internet will work right until you start ettercap. Once you start ettercap /proc/sys/net/ipv4/ip_forward will still stay on 1, but the internet connection will be lost. But for some weird reason if you run echo "1" > /proc/sys/net/ipv4/ip_forward after executing ettercap on the at0 - it works. This sounds completely weird, and if you asked for an explaination, I couldn't answer. But one thing for sure, this method works! Check out the script as it shows the correct way of setting it up,(:

[adri_ht_]

Ettercap working on an at* interface took me a long time to work. If /proc/sys/net/ipv4/ip_forward is set to 1, the internet will work right until you start ettercap. Once you start ettercap /proc/sys/net/ipv4/ip_forward will still stay on 1, but the internet connection will be lost. But for some weird reason if you run echo "1" > /proc/sys/net/ipv4/ip_forward after executing ettercap on the at0 - it works. This sounds completely weird, and if you asked for an explaination, I couldn't answer. But one thing for sure, this method works! Check out the script as it shows the correct way of setting it up,(:

Thanks, everything led me to this

Possible explanation taken from man ettercap:

The kernel ip_forwarding is always disabled by ettercap. This is done to prevent to forward a packet twice (one by ettercap and one by the kernel).

Code:

ettercap -T -q -u -p -i at0 /10.0.0.100/ //

Note the new "-u" parameter which prevents ettercap from disabling the kernel ip_forwarding.

[benzslr123]

when i run airbase-ng my computer disconnects me from the LAN i was on, and the internet

does this require 2 interfaces? (not including at0)

[imported_=Tron=]

when i run airbase-ng my computer disconnects me from the LAN i was on, and the internet

does this require 2 interfaces? (not including at0)

Yes. You cannot expect to use the same wireless interface to create the fake AP and keep your own connection up and running simultaneously.