
Setup a Fake Access Point With BackTrack5

Posted Nov 6 2011 by NightRanger in Hacking

Recently I needed to set up a fake access point for a presentation, so I fired up my BackTrack5 VM, connected my Alfa AWUS036H USB adapter and started to configure the fake AP. There are a lot of tutorials and scripts for setting up a fake AP; the Gerix tool also has an option to set up a fake AP automatically (for some reason it never worked for me). I started to set up my fake AP and ran into some trouble for a strange reason. I decided to put my experience here; hopefully you'll find it useful.

I started by putting my wlan interface in monitor mode:
    root@Blackbox:~/fakeap# airmon-ng start wlan1

    Found 1 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!

    PID     Name
    1558    dhclient

    Interface       Chipset             Driver

    wlan1           Realtek RTL8187L    rtl8187 - [phy1]SIOCSIFFLAGS: Unknown error 132
                                        (monitor mode enabled on mon0)

I noticed the following error: "Unknown error 132". I tried airodump-ng to see what would happen:

    root@Blackbox:~/fakeap# airodump-ng mon0
    ioctl(SIOCSIFFLAGS) failed: Unknown error 132

I got the same error. The solution was simply to unload the rtl8187 module and load the legacy r8187 driver instead:

    root@Blackbox:~/fakeap# rmmod rtl8187
    root@Blackbox:~/fakeap# modprobe r8187

Then I tried putting wlan1 in monitor mode again:

    root@Blackbox:~/fakeap# airmon-ng start wlan1

    Found 1 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!

    PID     Name
    1558    dhclient

    Interface       Chipset     Driver

    wlan1           RTL8187     r8187 (monitor mode enabled)

Well, that fixed the problem. Note that with the r8187 driver wlan1 itself is switched to monitor mode; no separate mon0 interface is created:

    root@Blackbox:~/fakeap# iwconfig
    lo        no wireless extensions.

    eth3      no wireless extensions.

    wlan1     802.11b/g  Mode:Monitor  Channel=10  Bit Rate=11 Mb/s  Tx-Power=5 dBm
              Retry:on   Fragment thr:off
              Link Quality=0/100  Signal level=50 dBm  Noise level=-156 dBm
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0

Now we can proceed to the fake AP setup.

1. Install a DHCP server:

    apt-get install dhcp3-server

2. Edit /etc/dhcp3/dhcpd.conf as follows (you can change the IP addresses, pool and DNS server as needed). The ad-hoc DDNS update style is accepted by the dhcp3 (ISC DHCP 3.x) package used here; on ISC DHCP 4.x it has been removed and you should write "ddns-update-style none;" instead:

    ddns-update-style ad-hoc;
    default-lease-time 600;
    max-lease-time 7200;
    authoritative;

    subnet 10.0.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.0.0.255;
        option routers 10.0.0.254;
        option domain-name-servers 8.8.8.8;
        range 10.0.0.1 10.0.0.140;
    }

3. Put your wlan interface in monitor mode:

    airmon-ng start wlan1

4. Start airbase-ng; you will need to specify the AP SSID (ESSID) and channel number. Pass it the interface that is actually in monitor mode: with the r8187 driver that is wlan1 itself, but with a mac80211 driver such as rtl8187, airmon-ng creates a separate mon0 interface and you must pass mon0 instead.

    airbase-ng -e FreeWifi -c 11 -v wlan1 &

5. airbase-ng creates a new TAP interface, at0. You need to bring it up and assign it an IP address and subnet mask. The address you assign to this interface must be the default gateway ("option routers") you specified in dhcpd.conf:

    ifconfig at0 up
    ifconfig at0 10.0.0.254 netmask 255.255.255.0

6. Add a route for the fake AP's subnet via at0. Since ifconfig normally installs the connected route for 10.0.0.0/24 as soon as the address is assigned, this command may answer "SIOCADDRT: File exists"; that is harmless.

    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254

7. Set up iptables. First clear any existing rules and chains and allow forwarding:

    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT

Then enable NAT for the clients. eth3 is my external interface that is connected to the internet; change it to whatever yours is:

    iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE

8. Clear the DHCP leases:

    echo > '/var/lib/dhcp3/dhcpd.leases'

9. Create a symlink to dhcpd.pid (skipping this may cause an error when starting the DHCP server):

    ln -s /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid

10. Start the DHCP server in the foreground (-f) with debug output (-d), bound to at0:

    dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &

11. Don't forget to enable IP forwarding, otherwise clients get an address but no internet:

    echo "1" > /proc/sys/net/ipv4/ip_forward

That's all, folks! I have created a simple bash script to automate this process; you will just need to change it to suit your configuration. The one change from the steps above is "ln -sf" instead of "ln -s", so the script can be run a second time without failing on the already existing symlink.

    #!/bin/bash

    echo "Killing Airbase-ng..."
    pkill airbase-ng
    sleep 2;
    echo "Killing DHCP..."
    pkill dhcpd3
    sleep 5;

    echo "Putting Wlan In Monitor Mode..."
    airmon-ng stop wlan1     # Change to your wlan interface
    sleep 5;
    airmon-ng start wlan1    # Change to your wlan interface
    sleep 5;
    echo "Starting Fake AP..."
    airbase-ng -e FreeWifi -c 11 -v wlan1 &    # Change essid, channel and interface
    sleep 5;

    ifconfig at0 up
    ifconfig at0 10.0.0.254 netmask 255.255.255.0    # Change IP addresses as configured in your dhcpd.conf
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254

    sleep 5;

    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE    # Change eth3 to your internet facing interface

    echo > '/var/lib/dhcp3/dhcpd.leases'
    # -f: replace the symlink if it already exists from a previous run
    ln -sf /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid
    dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &
    sleep 5;
    echo "1" > /proc/sys/net/ipv4/ip_forward
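Once the fake AP is up, the check you'll want during the presentation is who actually took an address from it. The script below is an added example and not part of the original post: it parses the ISC dhcpd lease file (the /var/lib/dhcp3/dhcpd.leases path from step 8) and prints the IP, MAC and client hostname of every client whose most recent lease block is active. dhcpd appends a new block every time a lease changes, so a client that released its address shows up as a later "binding state free" block and is dropped. It assumes the ISC dhcpd 3.x lease syntax; the sample lease data embedded in it is constructed for illustration, and the LEASES_FILE variable and function names are mine.

```shell
#!/bin/bash
# Added example (not from the original post): list clients that hold an
# active lease from the fake AP's dhcpd by parsing the ISC dhcpd.leases file.
# Assumes ISC dhcpd 3.x lease syntax; the default path is the one the post uses.
LEASES_FILE="${LEASES_FILE:-/var/lib/dhcp3/dhcpd.leases}"

# active_leases FILE
# Prints "ip mac hostname" for each IP whose latest lease block is active.
# Later blocks for the same IP override earlier ones, as dhcpd itself does
# when it re-reads the file. Hostname is "-" when the client sent none.
active_leases() {
    awk '
        /^lease /                { ip = $2; mac = "-"; host = "-"; state = "-" }
        /^ *hardware ethernet /  { mac = $3; sub(/;$/, "", mac) }
        /^ *client-hostname /    { host = $2; gsub(/[";]/, "", host) }
        /^ *binding state /      { state = $3; sub(/;$/, "", state) }
        /^}/ {
            # remember first-seen order so output is stable, but keep latest data
            if (!(ip in order)) { order[ip] = ++n; ips[n] = ip }
            macs[ip] = mac; hosts[ip] = host; states[ip] = state
        }
        END {
            for (i = 1; i <= n; i++) {
                ip = ips[i]
                if (states[ip] == "active") print ip, macs[ip], hosts[ip]
            }
        }
    ' "$1"
}

# count_active FILE: number of clients currently holding an active lease.
count_active() {
    active_leases "$1" | wc -l | tr -d ' '
}

# sample_leases_file: writes a constructed dhcpd.leases (not real capture data)
# to a temp file and prints its path. 10.0.0.2 gets a lease and then releases it.
sample_leases_file() {
    _tmp=$(mktemp)
    cat > "$_tmp" <<'EOF'
lease 10.0.0.1 {
  starts 0 2011/11/06 10:00:00;
  ends 0 2011/11/06 10:10:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "laptop";
}
lease 10.0.0.2 {
  starts 0 2011/11/06 10:01:00;
  ends 0 2011/11/06 10:11:00;
  binding state active;
  next binding state free;
  hardware ethernet 66:77:88:99:aa:bb;
  client-hostname "phone";
}
lease 10.0.0.2 {
  starts 0 2011/11/06 10:01:00;
  ends 0 2011/11/06 10:05:00;
  binding state free;
  hardware ethernet 66:77:88:99:aa:bb;
}
lease 10.0.0.3 {
  starts 0 2011/11/06 10:02:00;
  ends 0 2011/11/06 10:12:00;
  binding state active;
  next binding state free;
  hardware ethernet cc:dd:ee:ff:00:11;
}
EOF
    echo "$_tmp"
}

# Usage on the fake AP host: ./leases.sh --run   (or LEASES_FILE=... ./leases.sh --run)
if [ "${1:-}" = "--run" ]; then
    active_leases "$LEASES_FILE"
fi
```

Run it with --run on the BackTrack box while dhcpd3 is serving at0; against the constructed sample it lists 10.0.0.1 (laptop) and 10.0.0.3 (no hostname) and omits 10.0.0.2, whose last block is free.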
