
Thread: How to make your laptop act as an AP (Access Point) using Airsnarf and BT2

  1. #1
    Just burned his ISO | Join Date: Feb 2010 | Posts: 3

    How to make your laptop act as an AP (Access Point) using Airsnarf and BT2

    I'm new to BackTrack and Wifi, so I had to learn some stuff the hard way. I thought myself smart and downloaded the Beta version of BT and I soon realized that everything isn't tested and set up to work out of the box. It contains some pretty nice tools, but you must know what you're doing to get them set up to work nicely (or you must know how and where to find out -- use google!)

    Using AIRSNARF:

    Airsnarf is a nice little bash file that allows you to act as an AP and put a fake login website on that allows you to get the usernames and passwords of unsuspecting users. These are mainly the pay-per-use user names and passwords people use for internet access at hotels or coffee shops.

    If you run Airsnarf on BT2 you will see the following errors:

    Setting the wireless parameters...Error for wireless request "Set ESSID" (8B1A) :
    SET failed ondevice wlan0 ; No such device.

    There will be lots of other errors reading "No such file or directory" or "No such device".

    To fix this you must do the following:

    Open the airsnarf file in KWrite and change the following:

    line 36 (this is where you set up your wifi card to act as an AP):
    replace the line that reads "iwconfig $ROGUE_INTERFACE essid $ROGUE_SSID mode master" with

    ifconfig $ROGUE_INTERFACE down
    wlanconfig $ROGUE_INTERFACE destroy
    wlanconfig $ROGUE_INTERFACE create wlandev wifi0 wlanmode ap
    ifconfig $ROGUE_INTERFACE up
    iwconfig $ROGUE_INTERFACE essid $ROGUE_SSID mode master

    Now save it and then go edit/configure the airsnarf.cfg file. You will find it in /pentest/wireless/airsnarf-0.2/cfg/airsnarf.cfg
    The $ROGUE_INTERFACE is the name of the wifi adapter you want to use. Leave it as is (wlan0) or make it ath0. It really doesn't matter.
    The $ROGUE_SSID is the ssid of your fake AP. Make this the same as the ssid of the AP you want to fake. You want people to believe you're it!

    Run Airsnarf and see if another computer can find it as an AP. It should work.

    In BT2 you will also have problems with getting the dhcpd, httpd and sendmail to work. I haven't figured it out yet, so I hope someone will help me with that and put it on the forum :-)
    The default /etc/init.d/dhcpd etc. is not there as this OS uses other servers (maybe Apache). If someone can please help me by telling me where to start looking I might just edit the shell script and post the modified BT2 version to work out of the box.

    Hope this helped.
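    The post above sets the rogue SSID equal to the SSID being impersonated, which is exactly the pattern a wireless IDS looks for on the defending side: a known SSID advertised by a BSSID that is not in the site's AP inventory. The following is an added example, not code from this thread or from Airsnarf. It parses the text format of `iwlist <iface> scan` and flags each cell whose ESSID is in an inventory but whose BSSID is not. The inventory, the BSSIDs and the scan text are all constructed for the example.

```python
"""Evil-twin detection over wireless scan output (added example)."""
import re

# Constructed inventory: SSID -> authorised BSSIDs (lower-case).
AUTHORISED = {
    "HotelGuest": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
    "CoffeeNet": {"aa:bb:cc:dd:ee:01"},
}

# Constructed iwlist output. Cell 03 advertises HotelGuest from a BSSID
# that is not in the inventory, on the same channel as the real AP and
# with a stronger signal.
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    ESSID:"HotelGuest"
                    Mode:Master
                    Channel:6
                    Quality=60/70  Signal level=-50 dBm
          Cell 02 - Address: AA:BB:CC:DD:EE:01
                    ESSID:"CoffeeNet"
                    Mode:Master
                    Channel:11
                    Quality=40/70  Signal level=-65 dBm
          Cell 03 - Address: DE:AD:BE:EF:00:01
                    ESSID:"HotelGuest"
                    Mode:Master
                    Channel:6
                    Quality=70/70  Signal level=-30 dBm
"""

CELL_RE = re.compile(r"Cell\s+\d+\s+-\s+Address:\s*([0-9A-Fa-f:]{17})")
# (field name, regex, converter) for the per-cell attributes we keep.
FIELDS = (
    ("essid", re.compile(r'ESSID:"([^"]*)"'), str),
    ("channel", re.compile(r"Channel:(\d+)"), int),
    ("signal", re.compile(r"Signal level=(-?\d+)\s*dBm"), int),
)


def parse_iwlist(text):
    """Return one dict {bssid, essid, channel, signal} per scanned cell."""
    cells = []
    current = None
    for line in text.splitlines():
        m = CELL_RE.search(line)
        if m:
            # A "Cell NN - Address:" line starts the next record.
            current = {"bssid": m.group(1).lower(), "essid": None,
                       "channel": None, "signal": None}
            cells.append(current)
            continue
        if current is None:
            continue  # header lines before the first cell
        for key, rx, conv in FIELDS:
            m = rx.search(line)
            if m:
                current[key] = conv(m.group(1))
                break
    return cells


def find_rogue_aps(cells, authorised):
    """Return cells advertising an inventoried SSID from an unknown BSSID."""
    return [c for c in cells
            if c["essid"] in authorised
            and c["bssid"] not in authorised[c["essid"]]]


if __name__ == "__main__":
    for rogue in find_rogue_aps(parse_iwlist(SAMPLE_SCAN), AUTHORISED):
        print("possible evil twin: SSID %r from %s on channel %s (%s dBm)"
              % (rogue["essid"], rogue["bssid"], rogue["channel"],
                 rogue["signal"]))
```

    Run against real scan output (`iwlist wlan0 scan > scan.txt` and feed the file to `parse_iwlist`) with the inventory replaced by the BSSIDs actually deployed on site; a stronger signal on the same channel from an unknown BSSID is the classic evil-twin signature and is worth alerting on.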

  2. #2
    Member | Join Date: Feb 2006 | Posts: 167

    same prob

    I had the same problem. I posted a tutorial a while back, not sure if it's still up here, on how to get it working on BT1; I'll upload it tomorrow when I get back to my laptop with BT. I have it working correctly; I've actually changed it a bit and made it more like a karma.

    ReL

  3. #3
    Member | Join Date: Feb 2006 | Posts: 167

    found it

    Found the tutorial that I wrote here:

    Hey guys,

    I am doing this based off of memory so we'll see how this goes.

    You need to create the following files:

    /etc/rc.d/rc.httpd
    /etc/rc.d/rc.dhcpd

    The source for the httpd is here:

    #!/bin/sh
    #
    # /etc/rc.d/rc.httpd
    #
    # Start/stop/restart the Apache web server.
    #
    # To make Apache start automatically at boot, make this
    # file executable: chmod 750 /etc/rc.d/rc.httpd
    #
    conffile=/etc/apache/httpd.conf

    # Use "startssl" when httpd.conf pulls in the mod_ssl configuration.
    start() {
        if grep -q "^Include /etc/apache/mod_ssl.conf" "$conffile" ; then
            /usr/sbin/apachectl startssl
        else
            /usr/sbin/apachectl start
        fi
    }

    stop() {
        /usr/sbin/apachectl stop
    }

    restart() {
        /usr/sbin/apachectl restart
    }

    # See how we were called.
    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        restart)
            restart
            ;;
        *)
            echo "usage: $0 start|stop|restart"
            ;;
    esac

    The source for the dhcpd is here:

    #!/bin/sh
    #
    # /etc/rc.d/rc.dhcpd
    #
    # Start/stop/restart the ISC DHCP server (dhcpd).
    #
    # To make dhcpd start automatically at boot, make this
    # file executable: chmod 755 /etc/rc.d/rc.dhcpd
    #

    # Start dhcpd on eth0 only if the binary and its config are present.
    dhcpd_start() {
        if [ -x /usr/sbin/dhcpd ] && [ -r /etc/dhcpd.conf ]; then
            echo "Starting dhcpd..."
            /usr/sbin/dhcpd -cf /etc/dhcpd.conf eth0
        fi
    }

    dhcpd_stop() {
        killall dhcpd
    }

    dhcpd_restart() {
        dhcpd_stop
        sleep 2
        dhcpd_start
    }

    case "$1" in
        'start')
            dhcpd_start
            ;;
        'stop')
            dhcpd_stop
            ;;
        'restart')
            dhcpd_restart
            ;;
        *)
            # Default is "start", for backwards compatibility with previous
            # Slackware versions. This may change to a 'usage' error someday.
            dhcpd_start
            ;;
    esac

    You will need to change "/usr/sbin/apachectl restart" (same thing with start and stop) to just "apachectl". It's in a different directory so it won't work correctly with the ones specified in the code.

    You will need to change the eth0 in both of them to be ath0 or wifi0, whatever your wireless card is. That will get airsnarf at least working. You will need to edit the airsnarf_dns_pl.cfg to get the proper DNS working. You will also need to edit the airsnarf.cfg with the appropriate information such as interface, ip address ranges, etc.

    Reboot the machine, now apache and dhcpd will automatically be started. You can run airsnarf.

    I have personally customized my page, and added a 0 width, 0 height hidden frame that will run in conjunction with metasploit on 8080. You can get as crazy as you want with it. You will have to replace the index.html that airsnarf copies over.

    Good luck with your newly installed Rogue Access Point.

  4. #4
    Junior Member | Join Date: Jan 2010 | Posts: 55

    Airsnarf sounds cool - from their website:
    "Users will have all of their DNS queries resolve to your IP, regardless of their DNS settings, so any website they attempt to visit will bring up the Airsnarf "splash page", requesting a username and password"

    Do you guys know if it's possible to disable the splash page and have unsuspecting users connect normally like they would with their home AP? Since I don't want to use a splash page, is this howto overkill for starting up my own rogue AP?

    My goal - to create an AP which allows users to connect via DHCP and allow normal internet traffic. I want to run various dsniff tools and ettercap, or figure out a way to log all traffic so I can see what's going on when I'm not home.

    Should I use airsnarf with a disabled splash page for this?
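    The behaviour quoted in this post (every DNS query answered with the AP's own address, regardless of the client's DNS settings) leaves a simple fingerprint that a client or a network monitor can check for: unrelated hostnames all resolve to one address, usually a private one. The following is an added example, not code from this thread or from Airsnarf. It resolves a fixed set of unrelated names through a resolver function and classifies the answers. The resolver is passed in so the example runs offline against constructed answers; `socket.gethostbyname` can be passed in for a live check. The probe names, the answer tables and the address values are constructed.

```python
"""Rogue-DNS / forced-resolution check (added example)."""
import ipaddress
import socket
import sys

# Constructed probe names (.test is reserved for examples). A live check
# should use names known to be hosted independently of each other.
PROBE_NAMES = ("mail.example.test", "news.example.test", "shop.example.test")

# Constructed answers a healthy resolver would give: three distinct
# addresses outside private / special-purpose ranges.
HEALTHY_ANSWERS = {
    "mail.example.test": "23.45.67.89",
    "news.example.test": "98.76.54.32",
    "shop.example.test": "12.34.56.78",
}


def healthy_resolver(name):
    """Constructed stand-in for a normal resolver."""
    try:
        return HEALTHY_ANSWERS[name]
    except KeyError:
        raise socket.gaierror("constructed NXDOMAIN for %s" % name)


def rogue_resolver(name):
    """Constructed stand-in for an AP that answers every query with itself."""
    return "10.0.0.1"


def dead_resolver(name):
    """Constructed stand-in for no working DNS at all."""
    raise OSError("constructed resolver failure")


def classify(answers):
    """Map {name: address or None} to a verdict string."""
    resolved = [a for a in answers.values() if a is not None]
    if not resolved:
        return "no_resolution"
    distinct = set(resolved)
    if len(resolved) >= 2 and len(distinct) == 1:
        # Unrelated names collapsing onto one address is the captive /
        # rogue-DNS signature described in the quoted text.
        return "forced_single_address"
    if all(ipaddress.ip_address(a).is_private for a in distinct):
        # External names should not resolve into RFC 1918 or other
        # special-purpose space.
        return "private_answers"
    return "ok"


def check_dns(resolve, names=PROBE_NAMES):
    """Resolve every probe name with ``resolve``; return (verdict, answers).

    ``resolve`` is any callable hostname -> IPv4 string that raises OSError
    (socket.gaierror is a subclass) when resolution fails.
    """
    answers = {}
    for name in names:
        try:
            answers[name] = resolve(name)
        except OSError:
            answers[name] = None
    return classify(answers), answers


if __name__ == "__main__":
    # Pass --live to use the system resolver instead of the constructed ones.
    if "--live" in sys.argv:
        checks = [("system", socket.gethostbyname)]
    else:
        checks = [("healthy", healthy_resolver), ("rogue", rogue_resolver),
                  ("dead", dead_resolver)]
    for label, resolver in checks:
        verdict, answers = check_dns(resolver)
        print("%-8s %-22s %s" % (label, verdict, answers))
```

    This is the same idea operating systems use for captive-portal detection, reduced to its DNS half; on a network monitor the equivalent check is to watch the DNS server's answers and alert when a single A record is handed out for many unrelated query names.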

  5. #5
    Junior Member | Join Date: Jul 2006 | Posts: 88

    If you managed to make your airsnarf act as an AP, can you connect to this AP and browse the internet like a normal AP?
