Thread: Fake AP with transparency problem

  1. #1
    Junior Member
    Join Date
    Dec 2008
    Posts
    41

    Fake AP with transparency problem

    Hi to all!

    I have a Vaio with 3 WiFi interfaces:

    wlan0: Intel integrated, connected to the internet through the router

    ath0: Ubiquiti SRX miniPCI Express

    wlan1: ALFA USB

    I would like to set wlan1 as an access point.

    I did this:

    Code:
    ifconfig wlan1 down
    modprobe r8187
    modprobe tun
    iwpriv wlan1 highpower 1
    iwconfig wlan1 txpower 25
    ifconfig wlan1 up
    airmon-ng start wlan1
    airbase-ng -P -C 30 -e "Wifi100" -v wlan1

    OK, I can see the AP from my Windows PC, then:

    Code:
    ifconfig at0 up
    ifconfig at0 mtu 1500
    ifconfig at0 10.0.0.1 netmask 255.255.255.0
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    killall dhcpd
    dhcpd at0
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
    iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 192.168.0.2
    iptables -P FORWARD ACCEPT
    iptables --append FORWARD --in-interface at0 -j ACCEPT

    Note that 192.168.0.2 is my router and I have DHCP installed on my Vaio with these settings:

    Code:
    ddns-update-style ad-hoc;
    default-lease-time 600;
    max-lease-time 7200;
    subnet 10.0.0.0 netmask 255.255.255.0 {
    option routers 10.0.0.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.0.0.0;
    option domain-name "example.com";
    option domain-name-servers 10.0.0.1;
    range dynamic-bootp 10.0.0.16 10.0.0.55;
    #range 10.0.0.20 10.0.0.50;
    
    }

    OK, now I try to surf but I get no response from the gateway.

    The funny thing is that if I try to set up an AP with ath0 doing this:

    Code:
    wlanconfig ath0 destroy
    modprobe ath_pci
    wlanconfig ath0 create wlandev wifi0 wlanmode sta
    iwpriv ath0 mode 3
    iwpriv ath0 turbo 1
    iwconfig ath0 channel 6
    airmon-ng start wifi0
    ifconfig lo up
    modprobe tun
    airbase-ng -c 6 -e wifi -a 06:15:6D:66:04:EA ath1

    and then applying the same rules explained over here, I can connect and surf.

    I have noticed some differences in the ettercap console:

    When I make the AP with ath0 and all works well, it prints:

    DHCP: [00:1C:9A:2D:F6:A6] REQUEST 10.0.0.55
    DHCP: [10.0.0.1] ACK : 10.0.0.55 255.255.255.0 GW 10.0.0.1 DNS 10.0.0.1 "example.com"

    When I try to make the AP with wlan1 and it won't work:

    DHCP: [00:1C:9A:2D:F6:A6] DISCOVER
    DHCP: [10.0.0.1] OFFER : 10.0.0.55 255.255.255.0 GW 10.0.0.1 DNS 10.0.0.1 "example.com"

    I hope to have explained my situation.

  2. #2
    Member
    Join Date
    Feb 2010
    Posts
    204

    airbase-ng -P -C 30 -e "Wifi100" -v wlan1


    Change to airbase-ng -e "Wifi100" -v wlan1 for a standard AP for the time being.

    Have you checked the commands here?
    http://pastebin.com/f556dd85c

    Line 30 to line 41 is what you need.

    On the victim PC, do an ipconfig and let me know what you have.

  3. #3
    Junior Member
    Join Date
    Dec 2008
    Posts
    41

    OK, this is exactly what I do:

    wlan0 connected to the internet, then:

    Code:
    modprobe tun
    airmon-ng start wlan1
    airbase-ng -e "Wifi100" -v wlan1

    Then:

    Code:
    ifconfig lo up
    ifconfig at0 up
    ifconfig at0 10.0.0.1 netmask 255.255.255.0
    ifconfig at0 mtu 1400
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.0.2
    iptables -P FORWARD ACCEPT
    dhcpd at0
    echo "1" > /proc/sys/net/ipv4/ip_forward

    And then this is what I get doing ipconfig on a client machine:
    IP: 10.0.0.53
    subnet mask: 255.255.255.0
    gateway: 10.0.0.1

  4. #4
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381

    You might also find some useful information in this thread
    - Poul Wittig

  5. #5
    Member
    Join Date
    Feb 2010
    Posts
    204

    Postrouting is missing.

    In your case, I assume:

    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

  6. #6
    Junior Member
    Join Date
    Dec 2008
    Posts
    41

    OK, I input:
    iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE

    Nothing, same error.

    Then I tried to remove the mtu 1400 setting from at0, but no changes.

    I also tried to redirect to port 53:

    iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 192.168.0.2

    No changes...

    In the dhcpd Konsole I get:

    DHCPDISCOVER from 00:1c:9a:2d:f6:a6 via at0
    DHCPOFFER on 10.0.0.55 to 00:1c:9a:2d:f6:a6 via at0
    DHCPREQUEST for 10.0.0.55 (10.0.0.1) from 00:1c:9a:2d:f6:a6 via at0
    DHCPACK on 10.0.0.55 to 00:1c:9a:2d:f6:a6 via at0

    It seems good...

    This is what Wireshark captured on interface at0:

    Code:
    54 74.245286   0.0.0.0               255.255.255.255       DHCP     DHCP Discover - Transaction ID 0x31ef0468
    55 74.245410   10.0.0.1              255.255.255.255       DHCP     DHCP Offer    - Transaction ID 0x31ef0468
    56 74.262911   0.0.0.0               255.255.255.255       DHCP     DHCP Request  - Transaction ID 0x31ef0468
    57 74.270129   10.0.0.1              255.255.255.255       DHCP     DHCP ACK      - Transaction ID 0x31ef0468
    58 74.276686   NokiaDan_2d:f6:a6     Broadcast             ARP      Who has 10.0.0.37?  Tell 0.0.0.0
    59 75.728280   NokiaDan_2d:f6:a6     Broadcast             ARP      Who has 10.0.0.1?  Tell 10.0.0.37
    60 75.728289   Alfa_21:37:c4         NokiaDan_2d:f6:a6     ARP      10.0.0.1 is at 00:c0:ca:21:37:c4
    61 75.730270   10.0.0.37             10.0.0.1              DNS      Standard query A ea.mobile.nokia.com
    62 75.780405   10.0.0.1              10.0.0.37             DNS      Standard query response A 62.61.85.78
    64 76.730646   10.0.0.37             10.0.0.1              DNS      Standard query A ea.mobile.nokia.com
    65 76.780898   10.0.0.1              10.0.0.37             DNS      Standard query response A 62.61.85.78
    66 80.760874   10.0.0.37             10.0.0.1              DNS      Standard query A ea.mobile.nokia.com
    67 80.762874   10.0.0.37             10.0.0.1              DNS      Standard query A ea.mobile.nokia.com
    68 80.763488   10.0.0.37             10.0.0.1              DNS      Standard query A ea.mobile.nokia.com
    69 80.764376   10.0.0.37             10.0.0.1              DNS      Standard query A ea.mobile.nokia.com
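
One way to read the capture above mechanically, as an added example that is not part of the original post: it counts, per client and name, how often the same DNS question is sent again after the gateway had already answered it, a pattern that suggests the replies are not being received by the client (an interpretation, not something the thread confirms). The function name `dns_retry_report`, its field names and the assumption of Wireshark's default text columns (No., Time, Source, Destination, Protocol, Info) are choices made for this example.

```python
import re
from collections import defaultdict, deque

# DNS rows 61-69 copied from the Wireshark text summary in the post above.
CAPTURE = """\
61 75.730270   10.0.0.37             10.0.0.1              DNS      Standard query A ea.mobile.nokia.com
62 75.780405   10.0.0.1              10.0.0.37             DNS      Standard query response A 62.61.85.78
64 76.730646   10.0.0.37             10.0.0.1              DNS      Standard query A ea.mobile.nokia.com
65 76.780898   10.0.0.1              10.0.0.37             DNS      Standard query response A 62.61.85.78
66 80.760874   10.0.0.37             10.0.0.1              DNS      Standard query A ea.mobile.nokia.com
67 80.762874   10.0.0.37             10.0.0.1              DNS      Standard query A ea.mobile.nokia.com
68 80.763488   10.0.0.37             10.0.0.1              DNS      Standard query A ea.mobile.nokia.com
69 80.764376   10.0.0.37             10.0.0.1              DNS      Standard query A ea.mobile.nokia.com
"""

ROW = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")
QUERY = re.compile(r"^Standard query (\S+) (\S+)$")

def dns_retry_report(text):
    """Per (client, name): queries sent, responses seen, re-asks after a response."""
    pending = defaultdict(deque)   # (client, server) -> names still awaiting a reply
    stats = defaultdict(lambda: {"queries": 0, "answered": 0, "reasked": 0})
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or m.group(5) != "DNS":
            continue               # skip DHCP, ARP and anything unparsable
        _, _, src, dst, _, info = m.groups()
        if info.startswith("Standard query response"):
            # The summary line omits the name, so pair with the oldest open query.
            queue = pending[(dst, src)]
            if queue:
                stats[(dst, queue.popleft())]["answered"] += 1
            continue
        q = QUERY.match(info.strip())
        if q:
            entry = stats[(src, q.group(2))]
            if entry["answered"]:
                entry["reasked"] += 1   # asked again although a reply was sent
            entry["queries"] += 1
            pending[(src, dst)].append(q.group(2))
    report = {}
    for (client, name), entry in stats.items():
        still_open = sum(n == name for (c, _), dq in pending.items()
                         if c == client for n in dq)
        report[(client, name)] = dict(entry, unanswered=still_open)
    return report

if __name__ == "__main__":
    for key, val in dns_retry_report(CAPTURE).items():
        print(key, val)
```
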

  7. #7
    Junior Member
    Join Date
    Dec 2008
    Posts
    41

    I have tried also with this script:
    http://dl.getdropbox.com/u/26528/HoneyPotdeLuxe.sh

    Same thing: doing the access point with the Atheros card, all works well; doing it with the Alfa instead, clients can't surf even if the settings given to the clients are the same (IP, DNS, subnet mask and gateway).

    I'm very interested in this weird problem now!!

  8. #8
    Member
    Join Date
    Feb 2010
    Posts
    204

    Are you using your phone as the victim?

    I'm thinking Nokia N95 probably?

  9. #9
    Junior Member
    Join Date
    Dec 2008
    Posts
    41

    Yes, in this case, while I was using Wireshark, but I have tested the AP with another 2 clients, two other normal PCs.

  10. #10
    Member
    Join Date
    Feb 2010
    Posts
    204

    With the Nokia phones I can confirm it won't work.

    I think it has something to do with IPv6, and the reason we can't forward these types of packets,
