Thread: Wireless access point with traffic routing and DNS spoofing

  1. #1
    Just burned his ISO
    Join Date
    Oct 2012
    Posts
    3

    Wireless access point with traffic routing and DNS spoofing

    Hi guys!

    I am utterly new here on this forum (sorry if this is the wrong place) but I figured this would be a good place to share some interesting ideas of mine, so I thought I'd register.

    You see, I wrote this Python program http://code.google.com/p/sapphi-re/ (it's called Sapphire, sorry if I stole an existing name but I liked it too much).

    What it does is automate some everyday exploiting tasks, allowing you to do a few things very quickly:

    1) Create a wireless access point (airbase-ng) with specific ESSID, channel and other options WITH the option to route traffic from the virtual interface to another interface. This combined with (ip_forward) and the integration of (isc-)dhcp-server turns Sapphire into a - real access point! Basically a one line command to share your network to other people around.

    2) Now the functionality of number 1) is probably implemented by someone somewhere already but wait, there's more! Sapphire has a built-in DNS server so you can easily enable DNS spoofing on your newly created AP. No need to edit the hosts file and mix up your own connections. The sapphire.dns file will hold the A records you wish to spoof and it can be updated in real time. Yes, Ettercap can already do this, but afaik it cannot redirect network traffic reliably (it turns off ip_forward), and your DNS queries are actually only sent to Sapphire, so there is no need to "send spoofed packets faster" than any real DNS server around. It is also more lightweight and doesn't need additional third-party DNS spoofing plugins (like Ettercap) to be present on the system.

    3) Still not impressed? Well Sapphire can also work as an HTTP server. You can select the directory you wish the HTTP server to be run in (where you have your cloned websites) and maybe combine DNS spoofing with this attack. Or you can use the iptables routing function also implemented in Sapphire. This could also be achieved with SET but Sapphire is more lightweight and allows you to work with the index files. So you can custom edit your site to best fit your needs.

    4) Other options include (if you have macchanger) mac cloning, so you can clone mac address for your wlan0 and mon0 should you not want to show your permanent MAC to the public.

    It's written in Python so it's quite a portable wrapper program for all these different functionalities. With Sapphire and in one command you can basically:

    *) Steal an existing ESSID and
    *) Set up an access point that routes internet traffic and steals the clients of the AP making them connect to your computer instead (need to be closer to them than the AP though)
    *) Send poisoned DNS replies to make connecting clients see whatever you want
    *) Set up an HTTP server (to steal their credentials - ha!)

    I hope you find it useful! I personally like it because it removes all the fuss of working with .conf files and separate shells from the equation, setting up everything automatically.
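For defenders, the setup described in the post above (an existing ESSID reused from a new radio, optionally with a cloned MAC) leaves traces in ordinary Wi-Fi scan data. The following is an added example, not part of the original post or of Sapphire; the `Beacon` record, the `KNOWN_APS` inventory and the sample scan are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    essid: str
    bssid: str
    channel: int
    encryption: str  # e.g. "WPA2" or "OPEN"


# Hypothetical inventory of the access points the organisation really operates.
# BSSIDs are stored lowercase so comparisons are case-insensitive.
KNOWN_APS = {
    "CorpNet": {
        "bssids": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
        "encryption": "WPA2",
    },
}


def find_evil_twins(beacons, known=KNOWN_APS):
    """Return (beacon, reasons) for beacons that reuse a known ESSID suspiciously."""
    findings = []
    for b in beacons:
        profile = known.get(b.essid)
        if profile is None:
            continue  # not one of our networks, out of scope
        reasons = []
        if b.bssid.lower() not in profile["bssids"]:
            reasons.append("unknown BSSID")
        # A cloned MAC passes the BSSID check, so also compare the security mode.
        if b.encryption.upper() != profile["encryption"]:
            reasons.append("encryption mismatch")
        if reasons:
            findings.append((b, reasons))
    return findings


# Constructed sample scan (not real capture data).
SAMPLE_SCAN = [
    Beacon("CorpNet", "00:11:22:33:44:55", 6, "WPA2"),    # legitimate AP
    Beacon("CorpNet", "DE:AD:BE:EF:00:01", 6, "OPEN"),    # unlisted radio, open
    Beacon("CorpNet", "00:11:22:33:44:56", 11, "OPEN"),   # listed MAC, but open
    Beacon("CoffeeShop", "AA:BB:CC:00:00:01", 1, "OPEN"), # unrelated network
]

if __name__ == "__main__":
    for beacon, reasons in find_evil_twins(SAMPLE_SCAN):
        print(beacon.essid, beacon.bssid, "->", ", ".join(reasons))
```

A twin that clones both a listed BSSID and the expected encryption passes these two checks, so the inventory comparison is a first filter rather than a complete detector.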

  2. #2
    Just burned his ISO
    Join Date
    Oct 2012
    Posts
    1

    Re: Wireless access point with traffic routing and DNS spoofing

    Had to register just to thank you!

    Tested on Ubuntu and works like a charm. This really speeds up rogue access point attacks!

    However, I didn't manage to install the isc-dhcp-server on BackTrack. I think it's an Ubuntu-only package and although BackTrack is based on it, I ran into some problems. apt-get couldn't (obviously) find it, but I downloaded the .deb and noticed there are just too many missing or conflicting packages, so it's not really an option. Tried editing the file to see if I can get it to work with dhcp3-server and after a quick glance it seems to be working alright.

    Any chances of adding some little support for dhcp3-server?

  3. #3
    Just burned his ISO
    Join Date
    Oct 2012
    Posts
    3

    Re: Wireless access point with traffic routing and DNS spoofing

    Originally posted by fuzzerr:
        Had to register just to thank you!

        Tested on Ubuntu and works like a charm. This really speeds up rogue access point attacks!

        However, I didn't manage to install the isc-dhcp-server on BackTrack. I think it's an Ubuntu-only package and although BackTrack is based on it, I ran into some problems. apt-get couldn't (obviously) find it, but I downloaded the .deb and noticed there are just too many missing or conflicting packages, so it's not really an option. Tried editing the file to see if I can get it to work with dhcp3-server and after a quick glance it seems to be working alright.

        Any chances of adding some little support for dhcp3-server?

    Yes, you're right, I just noticed the same problem. I added a version with dhcp3-server support. Tested yesterday on BT5 and should now work fine! I am updating the documentation bit by bit and hopefully can come up with a new version with support for both isc and dhcp3 (and also fix the missing implementation of encryption flags) in the near future. Stay tuned!
