How to: E-Z setup a Multi Mode WLAN based on a Fake AP

[purehate]

It's tested and verified.

Thanks for the reply. You cant really say tested and verified if no one else can get it to work though. Ill try again later. I was getting internet from a modem and the soft AP was a alfa card. You should re read my post maybe.

[MikeCa]

My config:

- bt4 pre-release running in VMWare Fusion 2.0.5 (host Snow Leopard)
- Alfa AWUS036E (wlan0)
- eth0 for connection

My experience:

- It was confusing when asked to choose the language for Sarg, just being honest (I see that once I got it right that the example was a good example "English".) What confused me was that there was a # next to each language that made me think I needed to type a number. Either way, type out the language, like "English".

#1: Simple WLAN worked right away, no issues. (http and https to gmail.com, got certificate warning).
#2: Same, worked fine, no cerficate warning
#3: could run http, not https. "code 400, message Bad Request version" showed up in output-ssl.log
#4: same result as #4, but got "code 400, message Bad Request syntax" in output-ssl.log

Good start, let's get these bugs ironed out.

For some reason by reducing the mtu it solved the problems and allowed access to all the web pages.

How do I reduce the MTU when using airbase-ng? In this script it fires up and says that it is trying to use 1500. I have searched documentation for airbase-ng and it does not seem to support a mtu argument. Should this be done through ifconfig?

[Archangel-Amael]

Do not double post edit your posts using the Edit button located at the bottom right hand side of said post.

[Nick_the_Greek]

Well. Maybe there is an issue with alpha cards and SSLstrip.
http://forums.remote-exploit.org/wir...tml#post139360

I also found out that I have some minor faults in iptables for 3 and 4 modes, but in a weird way its working for me. I upload a new version. Please go to the 1st post, download again and try it out. At wlan.conf you will see a new option:

Code:

MTU_MON 1400

If it is needed, please change that. Don't know yet what should be. It will change the mtu value for "at0" when no "madwifi-ng drivers - atheros card" is found, or the mtu value for ath0 when madwifi-ng drivers and atheros card is present.

9 days ago I started a post
http://forums.remote-exploit.org/wir...02-11-mtu.html
but I got no reply yet. So is hard to me to say what to do with mtu.
For me the value of 1400 (for arheros card broadcasting and internet from pppoA) it's OK. Haven't "played" hard with it.

@pureh@te
I am reading very carefully, but you know, my English are...Maybe I misunderstand you.

eth0 connected to LAN with cable

I was getting internet from a modem and the soft AP was a alfa card. You should re read my post maybe.

What I was trying to say is: if the machine, that is running my script, is getting internet through a modem (point-to-point connection) then things should be easier. Not from a Ethernet card.

As for:

You cant really say tested and verified if no one else can get it to work though.

Yes, you are right at some point. It's tested and verified for some very limited configurations. In matter a fact 3 different wifi-cards, 2 different ISPs, 2 types of connections to internet (pppoA and wirelessly), 3 different PCs and one eeepc as a client and a server.

@Revelati,
Can you please bring some light to it. Which is that value for Alpha cards?
So I can add that value into my script, when a Alpha card is used with airbase-ng.

@Mikec

#1: Simple WLAN worked right away, no issues. (http and https to gmail.com, got certificate warning).
#2: Same, worked fine, no cerficate warning
#3: could run http, not https. "code 400, message Bad Request version" showed up in output-ssl.log
#4: same result as #4, but got "code 400, message Bad Request syntax" in output-ssl.log

You shouldn't get any certificate warning in simple mode. We just give Internet access to our clients in this mode.
Please download again and try out. It should work now.
To reduce or to increase mtu:
ifconfig wlan0 mtu xxxx. Note that some wifi cards doesn't let change the mtu value above or below 1500.

Guys, I don't want to torture you. I am trying to find what is wrong with a hardware that I don't own. Please help me out so anyone can use this little-stupid script.

Nick

[purehate]

Nick, sorry I realize there is a language issue I wasnt trying to sound mean although when I re read my post it was a little harsh. Anyway I would like to help you get this working because I think its a great idea. I will try to work on it some today while I am at work.

[Nick_the_Greek]

Anyway I would like to help you get this working because I think its a great idea. I will try to work on it some today while I am at work.

You just won vacations to Greece.

[BT2008]

@ Nick the Greek
----------------

@BT2008
I got to change some things, when eth0 is used to connect to Internet. Since you are able to access http & https sites in "Simple" mode then the fault is mine. I was wrong in iptables rules in the other 3 modes. You can try this.(It's working for me, but I am getting right know Internet through a modem)

For both you guys, for the moment, the easiest way to get this script to work is to get internet through a modem or wirelessly. It's tested and verified.

Hello Nick, great to see that you really want to have it work for everybody
When you read my post then you know that I tried to connect trough Internet from a wireless card and from a ethernet card but both don't work for https .

I will download your 'new' script again and try it tonight I will give you the results asap.

[Nick_the_Greek]

Hello Nick, great to see that you really want to have it work for everybody

With a little help-test from you guys it will work. I am sure for that. It's not something difficult. I just don't own the hardware equipment that you have.

As for the 'new' script, at least you should get ( I hope ) mode 1-2-3 working. If it is not very hard for you, try as many combinations as you can. Different modes, wifi-cards etc.


Thank you for being a part of this. Looking forward for your results.

Nick.

[BT2008]

Results: http and https is working, so far so good Nick
But there are no registrations of visited https sites in the output-ssl.log, I only tested mode 4.
Do you have any idea?

[yeehawjared]

Nick,
Excellent script. I spent the last 6 hours or so picking your script apart to understand how and why you do what you do.

I have an Atheros card (Orinoco 8480-FC) and everything works great. I installed the patched madwifi drivers and got the AP working in both master and monitor modes.

For some reason I have to `airmon-ng start wifi0` prior to running your script. After that everything works.

I'm getting AMAZINGLY FAST wifi speeds from connected clients. Sustained download rates of 600+Kbps. No one would even notice any MITM activity. HTTP and *some* HTTPS sites work. My 2 banks work until you actually try to log in, then I get a time out. Other SSL sites work flawlessly like gmail, my work's MS Exchange, etc.. No cert popups of any kind.

Sarg is a nice touch as well. I'm not that familiar with squid, but will dig a little deeper now that I'm interested. I did notice that when running sslstrip, the reports are all IPs - not domains. Kind of useless without the domain names of the websites.

What would really be nice is sslsniff... going to keep chopping up your script and see if I can't get it working myself.

Very good job, I really hope to see this tool evolve over time. I'd be very interested in supporting this and trying new things. I'm going to keep playing around with different things and report back what works / what breaks with new functionality.

EDIT: Tried my HTTPS banks again and all was good.