PDA

View Full Version : Aerial - Multi-mode wireless LAN Based on a Software Access point



Nick_the_Greek
2014-10-04, 18:48
Aerial WiFi

Part 1

What is it?
========
Aerial is one of the easiest ways to create a full capable*, high speed*, at any band (5GHz or 2.4GHz), high through IEEE 802.11n* or not, with Wi-Fi protected setup* (WPS) or not, Software Access point on a Kali-Linux box with manipulated/intercepted/injected/ forced/proxied/MITMed or not traffic.
* When Hostapd is used and depending on your wireless NIC's capabilities.

Files:
====
Aerial.0.14.1.0
Aerial.sh (main script).
README (this file).
COPYING (License).
CHANGELOG (Version History).
/dependencies/
/dependencies/airchat_2.1a/ airchat.tar.bz2 (Needed for mode 3)
/dependencies/squid3_3.3.8-1.1Kali1_amd64/ (Needed for mode 13 Kali x64)
/dependencies/squid3_3.3.8-1.1Kali1_amd64/squid3_3.3.8-1.1Kali1_amd64.deb
/dependencies/squid3_3.3.8-1.1Kali1_amd64/squid3-common_3.3.8-1.1Kali1_all.deb
/dependencies/squid3_3.3.8-1.1Kali1_amd64/squid-langpack_20140506-1.1Kali1_all.deb
/dependencies/squid3_3.3.8-1.1Kali1_i386/ (Needed for mode 13 Kali x32)
/dependencies/squid3_3.3.8-1.1Kali1_i386/squid3_3.3.8-1.1Kali1_i386.deb
/dependencies/squid3_3.3.8-1.1Kali1_i386/squid3-common_3.3.8-1.1Kali1_all.deb
/dependencies/squid3_3.3.8-1.1Kali1_i386/squid-langpack_20140506-1.1Kali1_all.deb

Download / Installation
==================
No installation is required.
Download the latest bz2 file:
Aerial_0.14.1.0.tar.bz2 (http://www.mediafire.com/download/tbkth5tko0v62d2/Aerial_0.14.1.0.tar.bz2) 6.3MB

sha1sum:
8e17b35e3883f986ed3d7718b24bd3225a97fd8a
check integrity by:

echo "8e17b35e3883f986ed3d7718b24bd3225a97fd8a Aerial_0.14.1.0.tar.bz2" | sha1sum -c -
extract it:

tar jxf Aerial_0.14.1.0.tar.bz2
or download it from github:

git clone https://github.com/Nick-the-Greek/Aerial
and run it by:

sh Aerial.sh

Relax and let the script download/install, create CA certificates etc that is needed. DO NOT INTERRUPT IT. Let it finish. A new folder named "Aerial" will be created. Everything you want to find will be in that folder, e.g.
aerial.conf (This script's configuration file)
hostapd.conf (Hostapd configuration file)
CA-certificates folder and the included certificates.
Backup folder with the included files.
...

When a "Mode" in executed then a new folder will be created with the corresponding name (e.g sslsplit) into the "Aerial" folder with all the files (configuration, logs etc) that invoke that "Mode". So the only thing that you have to do, is to run any "Mode" and then look at the corresponding folder of that "Mode". If a "Mode" is never executed, none folder will be created for that "Mode".

Features
=========
o Menu driven.
o Kali Linux x86 and x64 architectures compatible.
o BackTrack 5R3 Linux x86 and x64 architectures compatible. (some modes).
o Ability to use Airbase-ng for the creation of the Soft AP. (Your wireless NIC MUST support monitor mode).
o Ability to use Hostapd for the creation of the Soft AP. (Your wireless NIC MUST support AP mode).
o A configuration file (aerial.conf) with the ability to enable/disable some of the Aerial's menus (speed things up) and/or change directly script's values (ex Internet interface, wireless interface, channel, etc). Please refer to aerial.conf for detailed instructions.
o Selectable language/date format/long URLs for SARG.
o All inputs from users are filtered. You can't enter an invalid input.
e.g. Internet interface, wireless interface, channel, CRDA, password, etc
o Multiple examples for correct usage of the script.
o Backup/restore of any configuration files or folders that it might be changed into the OS by the script.
o Downloading and installation of all required programs, if they are not present:
- UDHCPD: Very small Busybox based DHCP server.
- Aircrack-ng Suite: Wireless WEP/WPA cracking utilities.
- Proxychains: Redirect connections through proxy servers.
- Proxyresolv: DNS resolving.
- Mogrify: Image manipulation programs.
- Jp2a: Converts jpg images to ASCII.
- Ghostscript: Interpreter for the PostScript language and for PDF.
- Apache2: HTTP Server.
- Dnsmasq: A small caching DNS proxy and DHCP/TFTP server.
- Haveged: Linux entropy source using the HAVEGE algorithm.
- Squid3 v3.1.20 :Proxy caching server for web clients.
- Sarg: Squid Analysis Report Generator.
- Hostapd v2.3 devel: User space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator.
- Hostapd v2.3 devel patch: Disable bss neighbor check/force 40 MHz channels. Please see part 2 paragraph (1)
- TOR: The Onion Router: A connection-based low-latency anonymous communication system.
- ARM: The Anonymizing Relay Monitor - Terminal status monitor for TOR.
- I2P router: The Invisible Internet Project.
- Sslstrip: SSL/TLS man-in-the-middle attack tool.
- Sslsplit: Transparent and scalable SSL/TLS interception.
- Mitmproxy: SSL-capable man-in-the-middle HTTP proxy.
- Honey Proxy: HTTP(S) Traffic investigation and analysis.
o Supplied with Aerial.0.x.x.tar.bz2:
- Airchat v2.1a: Wireless Fun. (No installation is required. The script will handles this).
- Installation packages Squid3-i386 and Squid3-amd64 v.3.3.8 compiled with SSL Bumping and Dynamic SSL Certificate Generation.
o Unique (per run) Trust Anchor Certificate.
o One common CA root certificate for the modes that requires a Trust Anchor Certificate:
- SSLsplit.
- Mitmproxy.
- Honeyproxy.
- Squid in the Middle.
o Multiple formats of the CA certificate for all kind of clients:
- IOS. (not tested)
- IOS Simulator. (not tested)
- Firefox. (tested)
- Java. (not tested)
- OSX. (not tested)
- *nix systems. (tested)
- Windows platforms. (tested)
- Android 4.x devices. (tested)
o Backup of the generated CA-certificates. (Just in case).
o Stop/kill of any running processes when we re-run the script.
o Ability to use any wireless NIC for the creation of the Soft AP. (In case that more than one is installed)
o Auto-detect of Internet interface.
o Auto-detect of Wireless interface(s).
o Auto-detect of Wireless interface in monitor mode.
o Auto-detect of Wireless interface's capabilities:
- Access point mode. (hostapd compatible).
- Monitor mode. (airbase-ng compatible).
- Supported band:
- IEEE 802.11a - 5GHz (airbase-ng or hostapd). (not tested).
- IEEE 802.11g - 2.4 GHz (airbase-ng or hostapd). (tested).
- IEEE 802.11a/n - 5GHz High Throughput (Only with hostapd). (not tested).
- IEEE 802.11g/n - 2.4GHz High Throughput (Only with hostapd). (tested).
o Ability to set/change ESSID: Extended Service Set Identification.
o Ability to set/change MAC address: Media Access Control Address.
o Ability to set/change CRDA: Central Regulatory Domain Agent.
o Ability to set/change channel:
Permitted to use channels are:
IEEE 802.11g - 802.11g/n: 01 02 03 04 05 06 07 08 09 10 11 12 13 (tested).
IEEE 802.11a - 802.11a/n: 36 40 44 48 52 56 60 64 (not tested).
Non permitted to uses channels are:
IEEE 802.11g - 802.11g/n: 14 (Japan) (tested).
IEEE 802.11a - 802.11a/n: 100 104 108 112 116 120 124 128 132 136 140 149 153 157 161 165 (not tested).
o Scanning for other Access Points and Ad-Hoc cells in your area and informations about suggested channels to use for:
IEEE 802.11a - 5GHz (not tested)
IEEE 802.11a/n - 5GHz 20Mhz channel width. (not tested).
IEEE 802.11a/n - 5GHz 40Mhz channel width. (not tested).
IEEE 802.11g - 2.4GHz (tested).
IEEE 802.11g/n - 2.4GHz 20Mhz channel width. (tested).
IEEE 802.11g/n - 2.4GHz 40Mhz channel width. (tested).
o Wireless card's IEEE 802.11n capabilities and auto-usage in hostapd: (only when hostapd is selected).
- Available Antenna(s).
- Configured Antenna(s).
- Supported channel width set (20Mhz/40Mhz).
- LDPC coding capability.
- Spatial Multiplexing (SM) Power Save.
- HT-Greenfield.
- SGI-Short Guard Interval for 20 MHz.
- SGI-Short Guard Interval for 40 MHz.
- Tx STBC-Space–Time Block Codes.
- Tx Max spatial streams.
- Rx STBC-Space–Time Block Codes. (One, two or three Spatial streams.)
- Maximum A-MSDU length.
- DSSS/CCK Mode in 40 MHz.
- HT TX/RX MCS rate indexes supported.
o Ability to set/change Encryption:
- For airbase-ng based Soft AP:
OPEN no encryption.
WEP (ASCII password 40bits or 104bits).
WEP (HEX password 40bits or 104bits).
- For hostapd based Soft AP:
OPEN no encryption.
WEP (ASCII password 40bits or 104bits).
WEP (HEX password 40bits or 104bits).
WPA2 pre shared key. (8 to 32 characters long)
When WPA2 encryption is selected you will have the ability to:
- enable/disable Wi-Fi protected setup (WPS).
- set WPS pin.
o Free Disk Space and free RAM Calculation for optimizing Squid3's functionality.
o Ability to use alternative DNS servers. (I'm using OPEN DNS servers.)
o Summary/information about Internet interface and the created Soft AP.
o Kernel's Entropy Pool Calculation. We make sure that hostapd will not run out from random number. We use Haveged algorithm.
o Real time reports about who, what, when was visited by our WLAN.
o Detailed reports about who, what, when top sites, top sites/users etc was visited by our WLAN.
o Informations about which daemons/programs are running and which and where the configuration files are used.
o Log files for almost all the modes.
o Specially for mode 10 due to a massive number of log files a search script will be created (search.sh) to help do search queries into the sslsplit's log files.
o Real time information about connected clients, Soft AP's statistic informations and leases granted by udhcp server (offered IPs to our clients).

To be continued...

Nick_the_Greek
2014-10-04, 18:49
Part 2

Fourteen Access Point modes:
=============================

1. Simple WLAN - Clients can access Internet.
Aerial will act as an Access Point. No interception, no nothing.

2. Transparent HTTP Proxied WLAN Optimized for low Internet Speeds RTR*
When low Internet speed is the case, this mode might be founded useful. We are trying to achieve high "HIT" rates with Squid3.To achieve that,in some cases, we violating http regulations.
We keep cached files longer then it should be. Of course this mode can be used as an http proxied WLAN. This is the only mode that we cache file into our disk (HDD/SDD).

3. Airchat - Wireless Fun: Clients will chat with AP and each other.
The client's of our WLAN they will be forced to chat with our Soft AP and each other. They cannot access the Internet.

4. TOR - Transparent anonymous Surfing - Deep Web access .onion sites.
The clients of our WLAN will Transparently, Anonymous surfing the web through the TOR network and they can access .onion sites. DNS queries will also passed through TOR. In this mode we also running ARM an relay monitor program.

5. I2P - Manual anonymous Surfing - Deep Web access .i2p sites
The clients of our WLAN will Manual, Anonymously* surfing the web and they can access .i2p sites through i2p network. This is the only NON transparent mode. You have to manually set your client's browser to use our http and https proxy that is running into the Kali box. DNS requests will pass also through our Linux box and as such we might have DNS leaks. Finally please have in mind that i2p network is extremely slow. Sometimes you have to let it run for an hour or more to be able to visit some pages.

6. MiTM - Transparent SSLstriped WLAN (Sslstrip).
The all known sslstrip. The clients of our WLAN will Transparently and "sslstripped" surfing the web. Limitations see "Known bugs" below.

7. MiTM - Transparent Proxied and SSLstriped WLAN (Squid3 <-> Sslstrip) RTR*
Same as above but in this mode we cache transparently the visited pages with Squid3.

8. MiTM - Flip, Blur, Swirl, ASCII, Tourette client's browser images RTR*
8.1 Upside down images RTR*
Your clients browser (http) images will be Upside Down.
8.2 Blur images RTR*
Your clients browser (http) images will be Blurred.
8.3 Swirl images RTR*
Your clients browser (http) images will be Swirled.
8.4 ASCII Images RTR*
Your clients browser (http) images will be converted into ASCII art.
8.5 Tourette Images RTR*
Your clients browser (http) images will be added by words.

9. MiTM - Forced downloading files RTR*
Your clients will be forced to download our files. The clients will transparently HTTP Proxied BUT they will be forced to download our test.(exe, zip, rar, doc, msi) when they asked to download ANY file from ANY HTTP site and that file matches the above extension, *.exe *.zip *.rar *.doc *.msi. Then the script will rename our test.* to the original filename and will serve it back to the client. Only http sites will get affected. This mode has no affect to https sites.

10. MiTM - Transparent and scalable SSL/TLS intercepted WLAN (SSLsplit).
The clients of WLAN will surf our transparent and scalable SSL/TLS intercepted WLAN. The clients can surf the web and we Transparently sniffing:
non-SSL traffic : HTTP and WhatsApp
SSL-based traffic: HTTPS, SMTP over SSL and IMAP over SSL.
SSLsplit is a generic transparent TLS/SSL proxy for performing man-in-the-middle attacks on all kinds of secure communication protocols. Using SSLsplit, you can intercept and save SSL-based traffic and thereby listen in on any secure connection.

11. MiTM - Transparent HTTP(S) intercepted WLAN (mitmproxy).
Almost same as the above. The clients of WLAN will surf our transparent SSL/TLS intercepted WLAN. The main difference is that mitmproxy is an interactive console program that allows traffic flows to be inspected and edited on the fly. Only HTTP and HTTPS traffic are sniffed. No WhatsApp, no SMTP over SSL and IMAP over SSL.

12. MiTM - Honey Proxy - Transparent HTTP(S) intercepted WLAN.
The same as the above. The clients of WLAN will surf our transparent SSL/TLS intercepted WLAN. In this mode we get transparent HTTP(S) WLAN traffic investigating and analysis. HoneyProxy is a lightweight man-in-the-middle proxy that helps you analyze HTTP(S) traffic flows. It is tailored to the needs of security researchers and allows both real-time and log analysis. It focuses on features that are useful in a forensic context and allows extended visualization capabilities.

13. SiTM - Squid in The Middle - Transparent HTTP(S) proxied WLAN RTR*
The clients of our WLAN they will be transparent http and https proxied.

14. JiTM - JavaScript in The Middle - Java Code Inject RTR*"
Squid will inject each JavaScript file passing through the proxy.
You can inject:
1. A simple script that inject an annoying alert with a message.
2. A script that captures the submitted form content without being noticed by the user. (submitted form must be in Java and it's not working quite well).
3. Your own Java Script.

(*RTR: Real Time Reports with SARG.)

(1) Disable bss neighbor check/force 40 MHz channels patch.

By default Hostapd does a check for overlapping channels with neighboring bss's before enabling 40 MHz channels as proposed by IEEE 802.11(a/g)n. This however might result in switching to 20 MHz channels in dense wlan areas.

# hostapd -d /etc/hostapd/hostapd.conf
40 MHz affected channel range: [2407,2457] MHz
Neighboring BSS: 00:19:xx:xx:xx:xx freq=2412 pri=0 sec=0
Neighboring BSS: 9c:c7:xx:xx:xx:xx freq=2412 pri=1 sec=0
Neighboring BSS: 88:25:xx:xx:xx:xx freq=2412 pri=1 sec=5
40 MHz pri/sec mismatch with BSS 88:25:xx:xx:xx:xx <2412,2432> (chan=1+) vs. <2442,2422>
20/40 MHz operation not permitted on channel pri=7 sec=3 based on overlapping BSSes
As a matter of fact hostapd acts as the regulations required, but most manufactures does not perform that check and they broadcast with 40Mhz channels width no matter what. With this patch we let hostapd do that check but the results are ignored and we forcing hostapd to use 40Mhz channel width.
A working/forced example of 40MHz channel width:

# hostapd -d /etc/hostapd/hostapd.conf
40 MHz affected channel range: [2407,2457] MHz
Neighboring BSS: 00:19:xx:xx:xx:xx freq=2412 pri=0 sec=0
Neighboring BSS: 9c:c7:xx:xx:xx:xx freq=2412 pri=1 sec=0
Neighboring BSS: 88:25:xx:xx:xx:xx freq=2412 pri=1 sec=5
40 MHz pri/sec mismatch with BSS 88:25:xx:xx:xx:xx <2412,2432> (chan=1+) vs. <2442,2422>
20/40 MHz operation not permitted on channel pri=7 sec=3 based on overlapping BSSes
DFS 0 channels required radar detection
nl80211: Set freq 2442 (ht_enabled=1, vht_enabled=0, bandwidth=40 MHz, cf1=2422 MHz, cf2=0 MHz)
HT40: control channel: 7 secondary channel: 3
Completing interface initialization

Known bugs

- By default the script will install Squid3 v3.1.20 from Kali repos. When mode 13 (Squid in the middle) is selected you will be prompted to uninstall Squid3 3.1.20 and install Squid3 v3.3.8 with SSL support (supplied with my bz2 file).

Squid3 3.1.20 and Squid3 3.3.8 they cannot co-exist. They are incompatible.

Unfortunately when Squid3 3.3.8 installed mode 8 (Flip, Blur, Swirl etc) and sub-menu for mode 8 will be dead.

I couldn't find a way to make g0tmilk's scripts to work with Squid3 3.3.8. So, you will be prompt again to uninstall Squid3 3.3.8 and install again Squid3 3.1.20. If you have an idea how make g0tmilk's scripts to work with Squid3 3.3.8 please let know. It's very annoying this install/uninstall process.

- In modes 6 & 7 where sslstrip is used it's very common to encouraged corrupt or broken https sites. This has nothing to do with the script. Sslstrip doesn't works if:
- The client requests an address with HTTPS directly, e.g. HTTPS://www.example.com
- The web site have the support for HSTS, that forces a browser to solely
interact with the server using HTTPS.
- The client is a smart-phone AND the user use an app (app like gmail, facebook etc. works only with HTTPS).
Credits to repzeroworld (Kali Forums) for clarifying me how sslstrip works.

Tested

- Script running on:
Kali Linux 1.0.6 (x32 x64).
Kali Linux 1.0.7 (x32 x64).
Kali Linux 1.0.8 (x32 x64).
Kali Linux 1.0.9 (x32 x64).
BackTrack 5R3 (x32 x64) some modes are working.

- Wireless NICs:
rt2800 pci-e - AP and monitor mode supported.
rt2800 usb - AP and monitor mode supported.
ath5k pci - AP and monitor mode supported.
zd1211rw usb - AP and monitor mode supported.
ar9271 (ALFA AWUSO36NHA) - - AP and monitor mode supported. (report from nifty nerd)

- Clients:
Kali Linux 1.0.x (x32 x64).
Windows 8.0 32bit.
Windows 8.0 64bit.
Windows 8.1 64bit.
Android 4.x devices.

The Latest Version

Details of the latest version can be found here on the Kali forums

Documentation

No documentation available yet. Only this README file.

Licensing

Please see the file called COPYING.

Credits

To my mentor: Gitsnik

Feedback is welcomed warmly.

Enjoy!

Nick_the_Greek

PS If someone was able to successfully setup a 5GHz Soft AP, then please let me know. The code it's there but I wasn't able to setup it due to the lack of the hardware.

zimmaro
2014-10-07, 07:16
hi :)
all always many thanks for share to community!!!!

Nick_the_Greek
2014-10-07, 18:37
hi :)
all always many thanks for share to community!!!!

Hey my friend zimmaro!
Linux and sharing is the same thing, at least into my head.

What do you thing about Aerial? Did you try it?
It might look a little bit complicated (from the description in this thread) but I thing it's a very easy to use script.

Do you mind ask you which wireless NIC do you use and if the hostapd based rogue access point works well? stable, fast etc
(if your card supports AP mode).

The strange thing is that I have almost 100 downloads and no feedback yet. Maybe it's working quite well or .........it's not working at all :D
Time will tell.

zimmaro
2014-10-07, 21:50
Hey my friend zimmaro!
Linux and sharing is the same thing, at least into my head.

What do you thing about Aerial? Did you try it?
It might look a little bit complicated (from the description in this thread) but I thing it's a very easy to use script.

Do you mind ask you which wireless NIC do you use and if the hostapd based rogue access point works well? stable, fast etc
(if your card supports AP mode).

The strange thing is that I have almost 100 downloads and no feedback yet. Maybe it's working quite well or .........it's not working at all :D
Time will tell.

Dear nick I downloaded and installed your script ... but I have not had time to test it ... and 'a very bad period for me !! Last week some bastards thievesI INTRUSION in my house and stole 2 cars ..(mine&mywife)I am '**** ... and I'm in the middle of bureaucracy insurance !!! As soon as I open and free my mind (little) .. I swear test your work Thanks ..... My friend!!!!!!!sorry my english

Nick_the_Greek
2014-10-08, 06:48
I'm very sorry to hear that. I really hope to be solved as soon as possible the bureaucracy thing. I know very well about bureaucracy. I live in Greece and it's a nightmare.
As for my script....no worries. I will wait for your feedback and if you want any help I will be here to assist you.
Sorry for my English, also. lol.

Have a good day my friend zimmaro!

zimmaro
2014-10-09, 08:08
I'm very sorry to hear that. I really hope to be solved as soon as possible the bureaucracy thing. I know very well about bureaucracy. I live in Greece and it's a nightmare.
As for my script....no worries. I will wait for your feedback and if you want any help I will be here to assist you.
Sorry for my English, also. lol.

Have a good day my friend zimmaro!

hi nick
this morning (having 5 minutes free) :rolleyes:
a major premise must be 'made ​​(I have no technical skills and experience) :o
I tried to start trying the script ..but I always stops on "" waiting to connect to the internet "" "both with hostapd that airbase-ng method
in reality 'reconnection is already done with eth0 or wlanx
In my kali's vm-machines I use (and needed for my experimetal;)) 2 clients for networking (wicd & gnome-default) is the problem related to it? :confused:
sorry my ignorance & thanks
http://www.imagestime.com/show.php/979531_Cattura.PNG.html
test with eth0, alfa36h && alfa 36nh
thanks again

Nick_the_Greek
2014-10-09, 19:30
Hi zimmaro and thank you for precious time and screen shoots.
Yes I believe so. I don't use wicd neither VMs.
I just uploaded a new version Aerial_0.14.0.9 with some fixes.
Please download it (from the 1st post) and run this one.
This is from changelog file:
[QUOTE]Aerial (0.14.0.9) UNRELEASED; urgency=low

* Fixed colored dialogs in Kali Linux, thanx
to dataghost.
* Added forgotten wireless interface down when airbase-ng
is used, thanx to dataghost.
* Removed the "waiting to connected to Internet" routine
and replaced with simple sleep command, thanx to zimmaro.
* Added correct links in README file.
* Added credits to zimmaro and dataghost in README file.

-- Nick_the_Greek <hidden> Tue, 09 Oct 2014 22:51:34 +0000

Unfortunately I haven't test it in VMs and I don't know yet how it reacts in that environment. I will do that since many people running Kali in VMs. Can you please give the output of the following command?

nmcli dev status
Thank you again!

dataghost
2014-10-09, 20:08
Hey Nick did you see my post about Aerial? I was wondering if you could give me further direction on why I can not connect to the fake ap on both hostap and softap with airbase thanks again

Nick_the_Greek
2014-10-09, 20:22
Hello Nick, when running the script i get a lot of jumbled writing see below

033[1;34mI n t e r n e t a n d W i r e l e s s i n t e r f a c e s :033[1;37m

033[1;34mInternet Interface033[1;37m


Please have in mind that if you DON'T want to be prompted every time for your Internet
and wireless interfaces you can set \033[1;31mINET_WIRELESS_PROMPT yes\033[1;37m to \033[1;32mINET_WIRELESS_PROMPT no\033[1;37m
in \033[1;32m/root/Aerial/aerial.conf\033[1;37m file

You're currently using:
Internet through : \033[1;32mwlan0 - pci:ath9k\033[1;37m

Enter the name of the interface that you are
connected to the Internet, [e.g.\033[1;31mppp0\033[1;37m,\033[1;31meth0\033[1;37m,\033[1;31mwlan0\033[1;37m ]
Press ENTER for current (\033[1;32mwlan0\033[1;37m):

There is a lot of settings, what would you like me to try for an attack in the menu 1-14 i believe, I tried sslsplit and no internet was provided.

I will try some others. I still get the txpower issue when I ran the kali version of 911_ap, fake ap. I didnt seem to lose internet access though, I will test further.

Also is there a clean way to shut the script down to clean up
The jumbled writing are the colors. Some colors huh! lol
I presume that you have run the script by:

./Aerial.sh
and not

sh Aerial.sh
Anyway I made some changes and I uploaded a new version Aerial_0.14.0.9 Please try that.
For now, the only clean way to shut the script is to re-run the script and stop it by control+c when you will be prompted for the Internet interface. Every time you run the script, it will stop/kill any processes that are invoke with it.



Hi Nick

Update - I have tried MITMproxy, sslsplit, and sslstrip, I have tried both softap airbase and hostap, I have never heard of hostap so I am not sure exactly how it works, No matter what I am getting the channel -1 error, when i make a fake ap using kali normally i dont get that, at worst i run ifconfig wlanX down and its fine. Any ideas why this is happening and why I can not connect to the fake ap i am creating, it tries to connect but it cant. I am not using a 64 bit system its 32. Ill check back today, I hope I hear back, Thanks again Nick!!

About hostap:
http://en.wikipedia.org/wiki/Hostapd
and home page:
http://w1.fi/hostapd/
In free translation it's a viagra powered airbase-ng (lol) It's an advanced way to create a virtual access point. More stable, more fast and much more configurable than airbase-ng.
As for the God **** negative channel I include a line into the new v 0.14.0.9 "ifconfig wlanx down" before starting airbase-ng so you must be fine with that. Thank you for remind me that.

For a hostapd based AP you must see at the page:

H o s t a p d - A i r b a s e - n g - M E N U:


You have a usb:rt2800usb wireless NIC, which it looks like it:

CAN support Access Point mode (hostapd compatible):

Hostapd mode : Status
IEEE 802.11a 5GHz : Not supported
IEEE 802.11g 2.4GHz : Supported
IEEE 802.11n HT : Supported


CAN support monitor mode (airbase-ng compatible):

Airbase-ng mode : Status
IEEE 802.11a 5GHz : Not supported
IEEE 802.11g 2.4GHz : Supported

Either way you have two options to try, for the creation of the SoftAP

1. Hostapd based SoftAP
2. Airbase-ng based SoftAP

Supported drivers: http://wireless.kernel.org/en/users/Drivers
Please enter your choice ( 1 - 2 ):
The above telling us that the wireless NIC that I have choose for the creation of the Soft AP it can being used with hostapd, in 2.4 GHZ band (channels 1-13) and it support high throughput 802.11n HT.
If you see:

CAN NOT support Access Point mode (hostapd compatible):
then the script will let you choose: 1. Hostapd based SoftAP but most probably you will not be able to create a hostapd based soft AP.

dataghost
2014-10-09, 20:35
Thanks for the reply Nick, I will re-download and try the script again, Thanks for the clarification, As for the color issues, ./ is what i was doing and it didnt work, sh actually is what made it work lol

dataghost
2014-10-09, 21:07
Hey Nick no matter what I do, I am unable to connect to the softap, I can create a normal fake ap manually and connect and sslstrip etc. on the script I also just tried the number 1 option for just wifi and no dice. Any ideas? I tried using eth0 and wlan0 both as the main internet connection

Nick_the_Greek
2014-10-10, 07:10
Hey Nick no matter what I do, I am unable to connect to the softap, I can create a normal fake ap manually and connect and sslstrip etc. on the script I also just tried the number 1 option for just wifi and no dice. Any ideas? I tried using eth0 and wlan0 both as the main internet connection

Hi dataghost
Thank you for your reply and for your time.
Are you running Kali as VM or live/hdd ?
Are you using Gnome/KDE ?
What wireless NIC are you using? It supports AP mode?
If you select to create a hostapd based softAP did hostapd is running?
Try with:

pidof hostapd
if you're getting a number as an output then hostapd is running.
If not then go to Aerial folder and run hostapd manually with debug enabled and please give me the output:

cd Aerial
hostapd -d hostapd.conf
just make sure hostapd.conf is present to Aerial folder and to do that Aerial.sh must be run at least one time and you must select to create a hostapd based AP. It should look like this:

# Interface, driver,essid,IEEE 802.11 mode,channel.
interface=wlan1
driver=nl80211
ssid=free
hw_mode=g
channel=01

#IEEE 802.11 related configuration
macaddr_acl=0
beacon_int=100
dtim_period=2
max_num_sta=20
rts_threshold=2347
fragm_threshold=2346
ignore_broadcast_ssid=0
macaddr_acl=0

# Enable IEEE 802.11d. This advertises the country_code and the set of allowed
# channels and transmit power levels based on the regulatory limits.
country_code=GR
ieee80211d=1
#ieee80211h=1

# IEEE 802.11n related configuration
ieee80211n=0

# The following will be replaced by the script with the corresponding
# values depending on your wireless NIC
#ht_capab=

# Event logger configuration
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2

ctrl_interface_group=0
ctrl_interface=/var/run/hostapd

# TX queue parameters (EDCF / bursting)

# Low priority / AC_BK = background
tx_queue_data3_aifs=7
tx_queue_data3_cwmin=15
tx_queue_data3_cwmax=1023
tx_queue_data3_burst=0

# Normal priority / AC_BE = best effort
tx_queue_data2_aifs=3
tx_queue_data2_cwmin=15
tx_queue_data2_cwmax=63
tx_queue_data2_burst=0

# High priority / AC_VI = video
tx_queue_data1_aifs=1
tx_queue_data1_cwmin=7
tx_queue_data1_cwmax=15
tx_queue_data1_burst=3.0

# Highest priority / AC_VO = voice
tx_queue_data0_aifs=1
tx_queue_data0_cwmin=3
tx_queue_data0_cwmax=7
tx_queue_data0_burst=1.5

# Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e):
wmm_enabled=1
# Low priority / AC_BK = background
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
# Normal priority / AC_BE = best effort
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
# High priority / AC_VI = video
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
# Highest priority / AC_VO = voice
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0

# WPA/IEEE 802.11i configuration
auth_algs=1
wpa_psk_file=/etc/hostapd.psk
wpa=2
wpa_passphrase=asedrftgyhujik
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
wpa_ptk_rekey=3600
eap_server=1
please copy-paste here your hostapd.conf file.

Try to see if udhcpd is running:

pidof udhcpd
if not then please copy-paste here your udhcpd.conf file.Is located at /etc/udhcpd.conf

Try to see if dnsmasq is running:

pidof dnsmasq`
if not then please copy-paste here your dnsmasq.conf file.Is located at ../Aerial/dnsmasq.conf

If you select a airbase-ng based softAP, open the Aerial.conf file ../Aerial/aerial.conf
and set Nbpps_USE from yes to no:


# If set to "yes" (without double quotes) nbpps (number of packets per second)
# and MTU (maximum transmission unit) will be used in airbase-ng based softAP.
# Nbpps's default value is 100. In my cards i've seen differences up to 300
# to 400 values. You can "play" with nbpps values and run some tests to find
# the optimum value for you card. If you're having troubles, set it to 100.
# Default values: yes nbpps: 300 and MTU: 1500
Nbpps_USE yes
Nbpps_VALUE 300
MTU_MON 1500
to:

Nbpps_USE no
when is set to "yes" it will try to inject 300 packet/second. (the airbase-ng). When is set to "no" it will use the default value:100
and if it's not trouble copy-paste here your aerial.conf file here.
Look at /etc/network/interface file. You should see something like:

auto lo
iface lo inet loopback
iface wlanX inet manual
wlanX is the wireless interface that you have select to create the softAP. If that line isn't present the add it your self, save it and run:

service network-manager stop
service networking stop
service networking start
service network-manager start
and re-run the script.
I'm suggesting you to try to create a hostapd based soft AP, set a free channel, no high throughput, set CRDA, no encryption (OPEN) and mode 1.(just Internert access)
Finally please copy-paste here the last page you're getting from Aerial.sh. It should look like this:

Internet interface - Gateway - IP - DNS servers
Internet Interface : wlan3 - usb:rt2800usb
Internet Gateway : 192.168.1.1
Internet IP : 192.168.1.5
Primary DNS server : 192.168.1.1
Secondary DNS server : 208.67.222.222

Software Access Point options
Wireless NIC : wlan0 - pci:rt2800pci
Gateway : 192.168.60.129
Clients IPs : 192.168.60.130 - 192.168.60.150
ESSID : free
MAC address : xx:xx:xx:xx:xx:xx
CRDA country : GR
Channel : 1
Based on : Hostapd
IEEE 802.11 standard : g 2.4GHz
Encryption : OPEN
Mode : Simple - Clients can access directly the Internet.


If non of them are working try with a different wireless NIC or try to run it in a live session.
I'm suspecting that VMs are working differently than live/hdd sessions. I will look for that.
I know that I'm asking too much from you, but I'm not in a rush. Try them when you got time.
Thank you dataghost!

zimmaro
2014-10-10, 09:13
Hi zimmaro and thank you for precious time and screen shoots.
Yes I believe so. I don't use wicd neither VMs.
I just uploaded a new version Aerial_0.14.0.9 with some fixes.
Please download it (from the 1st post) and run this one.
This is from changelog file:


Unfortunately I haven't test it in VMs and I don't know yet how it reacts in that environment. I will do that since many people running Kali in VMs. Can you please give the output of the following command?

nmcli dev status
Thank you again!


hi nick :)
new version started well in my vm's .....no block on connection-time.....now waiting ...for my-test-TIME :(
thanks for your hard-works
PS result of nmcli dev status
http://www.imagestime.com/show.php/979676_nick1.PNG.html

Nick_the_Greek
2014-10-10, 10:02
Hi zimmaro!
Now I get it why it was stuck in "waiting to connect". The script was expecting for the word "connected" in nmcli dev status command and not "collegato". lol It's a locales thing then. I will leave it that way the script. I didn't imagine that someone may use a different language for Kali.

Thank you for your reply my friend.

dataghost
2014-10-10, 16:14
Hey Nick, I will give that stuff a try in a bit, I am not using a vm, I am using kali 1.0.9 based on jessie, no hostap window showed up i never checked the PID i will though, im using ethernet for internet and for the wireless card im using rt2800usb, ath5k didnt work either. I will go over the steps you showed and see if i can fix it perhaps. Thanks again.

dataghost
2014-10-10, 18:06
Hi Nick, Hostapd is running I have a pid for that, udhcpd, and for dnsmasq here is my udhcpd config

start 192.168.60.130
end 192.168.60.150
interface wlan2
lease_file /var/lib/misc/udhcpd.leases
auto_time 120
pidfile /var/run/udhcpd.pid
option subnet 255.255.255.128
opt router 192.168.60.129
opt broadcast 192.168.60.255
option dns 192.168.1.1, fda8:16c6:f01e::1
option domain local
option lease 864000
Internet interface - Gateway - IP - DNS servers
Internet Interface : eth0 - pci:atl1c
Internet Gateway : 192.168.1.1
Internet IP : 192.168.1.78
Primary DNS server : 192.168.1.1
Secondary DNS server : fda8:16c6:f01e::1

Software Access Point options
Wireless NIC : wlan2 - usb:rt2800usb
Gateway : 192.168.60.129
Clients IPs : 192.168.60.130 - 192.168.60.150
ESSID : NETGEAR31
MAC address : 00:e0:5c:30:e5:a4
CRDA country : 00
Channel : 09
Based on : Hostapd
IEEE 802.11 standard : g 2.4GHz
Encryption : OPEN
Mode : Simple - Clients can access directly the Internet.

Hope this helps, thanks Nick

Not sure if it matters but the only screen showing in this mode is the watch screen

dataghost
2014-10-10, 18:27
Ive made some progress Ill report back :)

dataghost
2014-10-10, 18:54
rt2800usb is the culprit, maybe a driver issue, a few others worked ok, any ideas on the rt2800usb?

Nick_the_Greek
2014-10-10, 19:33
Hi dataghost!

Ive made some progress too. I've run the script with Kali x32 and I notice a weird thing, but first let give some clarification about the script.

As I said in the 1st post the script is mainly spitted in two major sections despite the download/install/backup etc routines.

1) The 1st one is how will create the Soft AP and the behavior of this.
The 1st part is spitted also in two sub-sections:
1.1) Airbase-ng based SoftAP.
1.2) Hostapd based SoftAP.
If we choose the airbase-ng method then we can use/set:
5Ghz channel or 2.4GHz channels, OPEN or WEP encryption.

If we choose the hostapd method then we can set/use:
5Ghz channels. 2.4GHz channels, high throughput for the previous bands, OPEN, WEP or WPA2 encryption and if we choose WPA2 encryption then we can activate if we want WPS (Wi-Fi protected setup)

2) The second section is how we handle the incoming and the outgoing traffic from and to the clients.Those are the 14 modes.

The 1st section doesn't care about the 2nd and the second doesn't care about the 1st. With that I want to say that the method that we choose to create the softAP doesn't effect the 14 modes. The modes will work no matter what.

Another thing that is crucial. If we choose the airbase-ng method with some interface (let's name it wlan0) then the scripts tries to exclude that interface from controlling by network manager. I will explain that later. This is not crucial. Airbase-ng should start no matter if the scripts achieves that.
What is crucial is when we choose the hostapd method. In this method the wlan0 interface MUST be excluded from controlling by network manager. If you open you wireless connection in network manager you should see wlan0 as "Device not managed" and none wireless AP listed above it. If the interface (wlan0) is continuing to managed by network manager hostapd will never start.

What I notice today is that I run the script in x32 Kali and no matter what one wireless interface that I choose to create the SoftAP couldn't be un-managed by network manager. This is not happening in x64 and I'm not very sure yet what is causing that. They are 2 working methods to exclude a wireless interface from controlling by network manager, I tried both and in x64 it works and in x32 it works only for the one of the two installed wireless NICs. I will look for that.

Back to your reply. Everything looks OK except the:

option dns 192.168.1.1, fda8:16c6:f01e::1
and
Secondary DNS server : fda8:16c6:f01e::1
what is the fda8:16c6:f01e::1 ? An IPv6 dns server? Did you change the OPEN DNS servers or the script is getting them from resolv.conf file?
Can you please look at /etc/resolv.conf?
Let's "debug" line by line the last page you're getting from my script:

Internet Interface : eth0 - pci:atl1c
This is your internet interface a pci Ethernet atl1c NIC

Internet Gateway : 192.168.1.1
Your Internet Gateway from your router/LAN

Internet IP : 192.168.1.78
Your Internet IP

Primary DNS server : 192.168.1.1
The primary DNS server from your router/LAN

Secondary DNS server : fda8:16c6:f01e::1
The secondary DNS server from your router/LAN


Software Access Point options
Wireless NIC : wlan2 - usb:rt2800usb
This is your wireless Interface that you have choose to create the softAP. A usb, rt2800 based wireless NIC

Gateway : 192.168.60.129
The gateway for your clients

Clients IPs : 192.168.60.130 - 192.168.60.150
The IP range that your clients will get

ESSID : NETGEAR31
Your SoftAP's name

MAC address : 00:e0:5c:30:e5:a4
Your wireless NIC's MAC address (it looks the real on. You don't change that I presume)

CRDA country : 00
"00" is is the world regulatory domain. You should set that because when we select the hostapd method we advertise that to our clients and some clients need to know what country code is using the softAP. Please set it.

Channel : 09
The channel that the softAP is braodcasting

Based on : Hostapd
You choose the hostapd method

IEEE 802.11 standard : g 2.4GHz
2.4GHz band. Usaully you can choose channels from 1 to 13 and you choose to not use the high throuput capabilities from you card. (ieee80.211g/n). You choose right. Let's keep it simple to see what is wrong.

Encryption : OPEN
No encryption. Everyone can join that softAP

Mode : Simple - Clients can access directly the Internet.
And finally you choose mode 1. Just give Internet access.

Not sure if it matters but the only screen showing in this mode is the watch screen
In that mode we monitoring through watch terminal who is connected, at what speed/signal etc and what IP is getting from udhcpd server. That's all for mode 1.

Please do not misunderstand me. I don't explain this line by line for you. I know that most are understandable by you. I explained them from everyone who is reading this.
I will wait for you findings!

Nick_the_Greek
2014-10-10, 19:54
rt2800usb is the culprit, maybe a driver issue, a few others worked ok, any ideas on the rt2800usb?
We are writing in the same time!
You could try to use airbase-ng based softAP if monitor mode/injection is working fine.
if it's not working well "play" with Nbpps_VALUE in aerial.conf file. The default value for airbase-ng is 100

Nbpps_USE yes
Nbpps_VALUE 100
lower that value to 100 and see what is going on.

See your dmesg output and
/var/log/syslog file to see what is happening.

Run the script and If hostapd is running as you said, kill hostapd and run it manually with debug enabled.

kill "`pidof hostapd`"
then go to Aerial folder and run hostapd

cd Aerial
hostapd -d hostapd.conf
or even more debug output

hostapd -d hostapd.conf
if you having troubles understanding the output, copy/paste them here or even better at http://pastebin.com/ and give the links.

The most suitable solution is to find another wireless NIC that supports AP mode. For compatible drivers/NICs please look here:
http://wireless.kernel.org/en/users/Drivers
and sort them by choosing AP to yes.
You said a "few others worked ok". I don't get that. What is working OK?

Nick_the_Greek
2014-10-11, 19:34
Script updated to version 0.14.1.0 (see first thread)
From CHANGELOG file:

Aerial (0.14.1.0) UNRELEASED; urgency=low

* Fixed/changed the way we check Internet connectivity.
* Some nmcli's words will displayed in Kali's native language.

-- Nick_the_Greek <hidden> Sat, 11 Oct 2014 21:34:05 +0000

nifty nerd
2014-10-13, 11:24
Hi, thanks for this awesome script. Finally got time to test it.
So far just tried , flipping the images, didn't work.
Will try again and keep you updated.
Also DCHP leases took some time. Seems reasonable i think, around 3-4 minutes.

Nick_the_Greek
2014-10-13, 16:00
Hi, thanks for this awesome script. Finally got time to test it.
So far just tried , flipping the images, didn't work.
Will try again and keep you updated.
Also DCHP leases took some time. Seems reasonable i think, around 3-4 minutes.

Hi nifty nerd!
To get your images flipped you have to clear your browser's cache (in your clients).
Every time you change from one mode to another and you visit with your client the same webpage over and over again you have to clear your client's browser cache because the images are already stored in that cache. You should get a message that kind in the script.

And yes it's quite normal to get DCHP leases (in the "watch" information terminal) in 3-4 minutes. It's not a script's related problem. That's the way dumpleases works.

BTW are you able to get a hostapd based AP? Which wireless NIC are you using? It's stable/fast enough? Too many questions? :)

nifty nerd
2014-10-13, 20:55
Hi nifty nerd!
To get your images flipped you have to clear your browser's cache (in your clients).
Every time you change from one mode to another and you visit with your client the same webpage over and over again you have to clear your client's browser cache because the images are already stored in that cache. You should get a message that kind in the script.

And yes it's quite normal to get DCHP leases (in the "watch" information terminal) in 3-4 minutes. It's not a script's related problem. That's the way dumpleases works.

BTW are you able to get a hostapd based AP? Which wireless NIC are you using? It's stable/fast enough? Too many questions? :)

Hi,
Yes I'm able to get hostapd based AP to work. For some reason it didn't work before. But i was too busy to find out why. With latest version works straight off.
Also I'm using ALFA AWUSO36NHA:AR9271 chipset and unknown NIC for internet (r8712u).
It's stable and fast enough.

Nick_the_Greek
2014-10-14, 06:44
Hi,
Yes I'm able to get hostapd based AP to work. For some reason it didn't work before. But i was too busy to find out why. With latest version works straight off.
Also I'm using ALFA AWUSO36NHA:AR9271 chipset and unknown NIC for internet (r8712u).
It's stable and fast enough.

Hi nifty nerd and thank you for your feedback.
If you have any problems or something it need clarification/more informations please let me know.
Have a nice day!

PS As I've seen AR9271 based NICs, AP mode works only with up to 7 stations due to a firmware limitation.
You can take a look here:
http://wireless.kernel.org/en/users/Drivers/ath9k_htc

dataghost
2014-10-14, 15:43
Hey Nick, I will have some time today, I will test further, airbase soft ap worked fine, the issue was the wireless card, its rt2800usb driver but will not work at all for hostapd, other wireless dongles I tried worked well for me. Thanks and I will touch base again.

Nick_the_Greek
2014-10-14, 16:51
Hey Nick, I will have some time today, I will test further, airbase soft ap worked fine, the issue was the wireless card, its rt2800usb driver but will not work at all for hostapd, other wireless dongles I tried worked well for me. Thanks and I will touch base again.

Hey my friend dataghost!

My rt2800usb based card has an Ralink Rt5370 chipset. With that card I'm able to setup a hostapd based soft AP with maximum 150Mbit/s since it supports only 1 partial stream and short GI for 40MHz channel width.

So, in some moments I could get the maximum theoretical throughput. It's not that stable and I'm getting allot of error but the clients are able to connect and I'm able to run all the modes without problems.

I'm looking forward for your feedback.

BTW if you're interesting to get a transparent SSL/TLS intercepted wireless LAN run mode 10. the sslsplit based mode. It's by far the most accurate/fast and stable than others but of course you have to install the appropriate CA certificate to you clients if you don't want to get any warnings in their browsers.

nifty nerd
2014-10-15, 05:24
Yes this script is something, thumbs up to you Nick.
Though i was wondering, if there is a way to limit bandwidth for each client?
Perhaps something to add on your next update?

Anyway, from the previous comment, how i would i go by install the CA certificate?
Thanks.

GodAnubis
2014-10-15, 10:06
Hey Nick,

first of all - AMAZING work you have done here. very easy for a noob like myself to use.

I have a few questions:

1. In option 10 you mentioned WhatsApp, is it possible to sniff WhatsApp messages ? if so - how ? i didnt understand how \ what should i use.
2. when using iPhone device, i keep getting SSL Certs messages (inavlid cert showing nick the greek as issuer :) ) - is this an issue or just something we have to live with ?

thank you !

Nick_the_Greek
2014-10-15, 18:00
Yes this script is something, thumbs up to you Nick.
Though i was wondering, if there is a way to limit bandwidth for each client?
Perhaps something to add on your next update?

Anyway, from the previous comment, how i would i go by install the CA certificate?
Thanks.
I haven't tried to limit bandwidth for each client and as far as I remember this cannot being done with hostapd, but we can limit the bandwidth of a certain interface. eg Internet or wireless. Some quick results are:
http://unix.stackexchange.com/questions/83888/limit-outgoing-bandwidth-on-an-specific-interface
http://www.ubuntugeek.com/use-bandwidth-shapers-wondershaper-or-trickle-to-limit-internet-connection-speed.html
Since I started with Aerial my main concern was how to maximize client's bandwidth with soft AP. I will look for that (to limit bandwidth).

As for the client's CA certificate:
The first time that you run the script, it will generate a new RSA key and the CA certificate for the programs that require to do on the fly certificate signing (sslsplit, mitmproxy, honeyproxy and squid3 with ssl) and various versions of the same certificate for the clients. In short we became a certificate anchor authority.

So if you look into ../../Aerial/ folder you will see among others a "CA-certificates" folder ../../Aerial/CA-certificates/
in that folder we are storing all the above. (key, certificate for programs and for clients). In that folder you should see also a README file which explains everhthing. Which file is used for and needed for.

Three files are used for the above programs (sslsplt, mitmproxy etc) to sign the certificates:
Aerial-ca.key ( CA private key needed for Proxies : Squid in the Middle, SSLsplit.)
Aerial-ca.crt ( CA certificate needed for Proxies : Squid in the Middle, SSLsplit.)
Aerial-ca.pem ( CA private key and certificate in PEM format needed for Proxies : MiTMProxy, HoneyProxy.)
Don't forget that the above key and certificate is used for ALL the modes that you choose. Is common for all of them.

and the other three are for our clients:
Aerial-ca-cert.pem ( CA certificate in PEM format needed for Clients: IOS,IOS Simulator,Firefox,Java,OSX,*nix systems.)
Aerial-ca-cert.p12 ( CA certificate in PKCS12 format needed for Clients: Windows platforms.)
Aerial-ca-cert.crt ( CA-private key and certificate encoded in binary DER needed for Clients: Android 4.x devices.)

So in short again. When let's say you choose mode 10 (sslsplit) then sslplit will use the Aerial-ca.key and Aerial-ca.crt files to dynamically generate on the fly all the requested site's certificates from our clients. I hope I explained that correctly to you. :) I know that my English are terrible!

But here there is a problem. Our clients doesn't know as a trusted one the certificate that the Aerial was generate and furthermore sslsplit is using, so we have to tell (install) to our clients that certificate and tell to their browsers or OSs to trust that.

So if you client is running Windows 8 then we have to install the Aerial-ca-cert.p12 to him so when sslplit is signing a site's certificate then the client of our soft AP will know that ,that certificate can be trust and NO warning will bring up.

To install a certificate (client's site) first read the README file in../../Aerial/CA-certificates/ folder and then please follow that link:
http://mitmproxy.org/doc/ssl.html
It's very well explained with pictures etc.
look at "Installing the mitmproxy CA". It's the same procedure, except the "Using the Web App" section. We don't have a web app in Aerial.

Don't forget that the key and certificate that Aerial is generating is used for ALL the modes that you choose. Is common for all of them. So if you install the appropriate certificate to your client then you can switch from one mode to another without any warnings from you clients. ;)

If you have any troubles please let me know.

@Everyone.
Does anybody was able to setup a 5GHz hostapd based software Access Point? Please guys/girls I write the code to support 5GHz soft APs and I don't know if it's working or not. Someone?

dataghost
2014-10-17, 16:05
Hey Nick, thanks for clearing up your card type, perhaps that was my issue, mine is still rt2800usb but the card is rt 3070. I should have time for testing today, Ill read up on the certificates, i connected with my ipad and my ipad warned me a ton of times about the connection.

Nick_the_Greek
2014-10-17, 19:37
Hey Nick,

first of all - AMAZING work you have done here. very easy for a noob like myself to use.

I have a few questions:

1. In option 10 you mentioned WhatsApp, is it possible to sniff WhatsApp messages ? if so - how ? i didnt understand how \ what should i use.
2. when using iPhone device, i keep getting SSL Certs messages (inavlid cert showing nick the greek as issuer :) ) - is this an issue or just something we have to live with ?

thank you !

Hi GodAnubis and thank you for your kind words.

Unfortunately I don't use WhatsApp but as far I've seen/read right now, from August 2013 sslplit will no longer sniff WhatsApp because WhatsApp client is checking the certificate fingerprints (thus making forgery impossible). You can take a look at the following links. They were my guide to create mode 10 and 11 (sslsplit and mitmproxy)
http://blog.philippheckel.com/2013/07/05/how-to-sniff-the-whatsapp-password-from-your-android-phone-or-iphone/
http://blog.philippheckel.com/2013/08/04/use-sslsplit-to-transparently-sniff-tls-ssl-connections/
http://blog.philippheckel.com/2013/07/01/how-to-use-mitmproxy-to-read-and-modify-https-traffic-of-your-phone/

As for your second question.
This is not a issue at all. You WILL get warnings from your clients until you install the appropriate certificate to them. I've tried to explain why this is needed here:
https://forums.kali.org/showthread.php?23028-Aerial-Multi-mode-wireless-LAN-Based-on-a-Software-Access-point&p=38547&viewfull=1#post38547
maybe in a wrong way. Let's try again by copying some parts from the above links. I now that my English are not in a very good shape :)


SSLsplit works quite similar to other transparent SSL proxy tools: It acts as a middle man between the client and the actual server. Provided that traffic is being redirected to the server on which SSLsplit is running, SSLsplit picks up SSL connections and pretends to be the server the client is connecting to. To do so, it dynamically generates a certificate and signs it with a the private key of a CA certificate that the client must trust.
So, sslsplit, mitmproxy. honeyproxy and Squid3 with SSL support they are using the same key and certificate that Aerial is creating the first time that you run it. It's common for all of them and it's unique for every FIRST run. My key and my certificate are NOT the same as yours.

Every key and certificate are common for the programs that need a key and certificate (sslsplit, mitmproxy. honeyproxy and Squid3 with SSL) but they are NOT common with other machines that are running the Aerial script.

OK now. We got the key, we got the certificate and all the above programs are able to dynamically generates a certificate and signs it. But your clients don't know that certificate. It's not listed in trusted Anchors certificate list. Therefore we must install the certificate (only the certificate not the key) to our clients and tell him to trust that.

Until you do that you will get constantly warnings and thats the way it should be.

Since you have iPhone (I don't) and iPhones are running iOS you should take a look into your ../../Aerail/CA-certificates/ folder and transfer the Aerial-ca-cert.pem file to your iPhone. (read the README file in that folder). To transfer it read this:
http://mitmproxy.org/doc/certinstall/ios.html
e-mail it to your self and install it.

When you do that, the warnings will disappear.

Don't forget that by installing the above certificate you will be able to switch from one Aerial's mode to another without getting any warnings. The certificate it's common for all the programs, remember?

A tip. If you don't want to see my name as an issuer, then open the script and go to line 1675 and you will see this:


openssl req -new -nodes -x509 -sha1 -out $HOME_DIR/CA-certificates/$friendly_name-ca.crt -key $HOME_DIR/CA-certificates/$friendly_name-ca.key -config $HOME_DIR/CA-certificates/x509v3ca.cnf -extensions v3_ca -subj '/O=Nick_the_Greek/OU=Nick_the_Greek Aerial RootCA 2014/CN=Nick_the_Greek '$friendly_name'/' -days 9999
This is the line that we create the CA certificate.
As you see I set /=O (organization) /=OU (Organization Unit) and /=CN (Common Name) to Nick_the_Greek. The variable $friendly_name is set to Aerial. You can change that also. Set it to whatever you want. It doesn't matter what you set. That what really matters is the format of our certificate and the format it's the right one.

I know that it's a little complicated that subject but if you read the articles in the above links I know that you will understand what it's going on.
Sorry for this long thread. I'm trying to explain it as better as I can.

BTW welcome to the forums. :)
and can I ask which wireless NIC are you using with Aerial? It supports Hostapd based of airbase-ng based soft AP? It's stable/fast?

Nick_the_Greek
2014-10-17, 19:43
Hey Nick, thanks for clearing up your card type, perhaps that was my issue, mine is still rt2800usb but the card is rt 3070. I should have time for testing today, Ill read up on the certificates, i connected with my ipad and my ipad warned me a ton of times about the connection.

Hi dataghost !

Maybe I should think of this earlier. rt2800usb is covering a big range of wireless NICs.Take a look here:
https://wiki.debian.org/rt2800usb#Supported_Devices

I've just write a better (?) explanation to GodAnubis about the certificates etc. Take a look at this also.

Jimbas
2014-10-20, 14:54
Hello, first of all you've done an amazing job in this script. gratz!
I'm a Linux starter, and i was making manual AP to mess with my iphone and ipad (only testing machines i have right now)
I used te mode number 10 and it "kind" of worked. i can surf on internet on my devices ( good! ) but some pages ( i think the ones using https ) ask me for a certificate, pressed install or accept, and then all https pages looked "blocked" like no internet connection. othes, work fine. Same thing happens on mobile apps, no connection on any.

any ideas ?

tks in advance, you guys are great!

Nick_the_Greek
2014-10-22, 06:33
Hello, first of all you've done an amazing job in this script. gratz!
I'm a Linux starter, and i was making manual AP to mess with my iphone and ipad (only testing machines i have right now)
I used te mode number 10 and it "kind" of worked. i can surf on internet on my devices ( good! ) but some pages ( i think the ones using https ) ask me for a certificate, pressed install or accept, and then all https pages looked "blocked" like no internet connection. othes, work fine. Same thing happens on mobile apps, no connection on any.

any ideas ?

tks in advance, you guys are great!

Hi Jimbas and thank for your kind words.

Please take a look at the above posts:
https://forums.kali.org/showthread.php?23028-Aerial-Multi-mode-wireless-LAN-Based-on-a-Software-Access-point&p=38547&viewfull=1#post38547
https://forums.kali.org/showthread.php?23028-Aerial-Multi-mode-wireless-LAN-Based-on-a-Software-Access-point&p=38627&viewfull=1#post38627

in short when you are browsing https sites and you press accept or install then you accept the signed certificate which is coming from sslsplit but NOT the authority who signs that certificate. The authority are the certificates that are stored at ../Aerial/CA-certificates/ folder and they are used by the program involving by the mode you are running.

What is crucial is to tell your client to accept the authority who signs it and that authority is sslsplit.

To do that go to ../Aerial/CA-certificates folder and read the README file. Now, depending on what clients you have (in your case iPhone/iPad) you must install the appropriate certificate to them. In your case is the Aerial-ca-cert.pem file.

By installing that file to your client you tell to your client that every single certificate that is coming from any https site and is signed by sslsplit is a trusted one and therefore can displayed without any warnings.

Since we are MiTM we must convince the client(s) that he can trust us ;)

Finally by doing so, (installing the CA certificate to your client) you can switch from one "Mode" to another without any warnings from clients since every program :sslsplit, mitmproxy,honeyproxy and Squid3 SSL are using the same CA certificate.

Happy testing!

PS Try to google about CA certificate, certificate Authority and things like to understand correctly what is going on, because maybe I'm not explain that subject correctly. I know that my English are terrible! :)

Jimbas
2014-10-22, 16:27
Nick_the_Greek you rock! haha thought the certificate was when I accept the "thing" on the website. Now it works perfect! (scary perfect!)

Now i'm just wondering, if its possible (probably it is!) to create a captive portal (like the one on pwnstar) but instead of a pdf, force download a certificate to start surfing.
Probably there is no way of for the client to install.. but we can force him to download.. and then internet is provided.
Or other (better) way, the PDF with the exploit, force him to install the cert.

I'm not asking for you (or anyone) to do that for me.. but if u could help me i'll be glad to learn :D

Nick_the_Greek
2014-10-22, 19:46
Aerial has a home now at github.
Since this Kali's support forum, I decide to move Aerial at Github. For bugs, new versions, download,wiki etc please visit:

https://github.com/Nick-the-Greek/Aerial

If you don't have an account at github you can ask me whatever you want about Aerial here also. I will answer as soon as I'm able to do that.

Nick_the_Greek
2014-10-23, 19:47
Nick_the_Greek you rock! haha thought the certificate was when I accept the "thing" on the website. Now it works perfect! (scary perfect!)

Now i'm just wondering, if its possible (probably it is!) to create a captive portal (like the one on pwnstar) but instead of a pdf, force download a certificate to start surfing.
Probably there is no way of for the client to install.. but we can force him to download.. and then internet is provided.
Or other (better) way, the PDF with the exploit, force him to install the cert.

I'm not asking for you (or anyone) to do that for me.. but if u could help me i'll be glad to learn :D

Yeah I know it's scary, but what is REALLY scary are things like that:
http://www.pcworld.com/article/2070880/french-government-subca-issues-unauthorized-certificates-for-google-domains.html
http://www.mail-archive.com/[email protected]/msg01782.html

Anyway in to your subject. Sure you can do things like that, but unfortunately I don't have the time to do that at the moment. For the next couple months I'm too busy to do anything else except to help people with Aerial or any Kali Linux related stuff.
But..... :)
As you've seen in Aerial there is a mode "9. MiTM - Forced downloading files."

In short in that mode we are forcing our clients to download our files, when they click to download something that matches to a file's extension *.exe, *.zip etc from ANY http site. Not an https site.
The files that we are forcing to download are produced by Aerila and all are zero bytes files and they are stored at ../Aerial/bad_files folder. Don't forget to run that mode at least one time so that folder and files to created.

In practice: You could use something like this:
How to distribute root certificates as exe files (http://poweradmin.se/blog/2010/01/23/how-to-distribute-root-certificates-as-exe-files/)
or like this:
Smooth root certificate deployment for mobile devices (http://poweradmin.se/blog/2009/11/15/smooth-root-certificate-deployment-for-mobile-devices/)

and try to see if you can create those .exe and/or .cab files with the appropriate CA certificate which Aerial was create for you. Please have in mind that I haven't try it yet.

Assuming that you create an exe file with the above method and it's working, then you can rename it to test.exe and place that file to ../Aerial/bad_files/ folder and overwrite the zero byte test.exe file that is already there.

Aerial expects to find an test.exe file to serve it to your clients. It doesn;t care what exe file it is. All it need it's a filename which is called test.exe or text.zip etc...
So, now you can setup an soft AP, run mode 9 and check with SARG to see if your clients was download an exe file, If the client was download an exe file then be sure that he/she downloads YOUR test.exe file renamed to the file that you clients was asked to and if he/she executes it then your CA certificate was installed and you can switch to a different mode e.g. mode 10 (sslsplit).

An example:
You have done all the above and you run mode "9. MiTM - Forced downloading files."
You client decides to download CPU-Z from here:
http://www.cpuid.com/softwares/cpu-z.html
when he/she clicked to download 1.71-setup-en.exe file, then Aerial will rename the ../Aerial/bad_files/test.exe file (that you have create) to 1.71-setup-en.exe and it will serve it to your client. This will happen when a file asked by your client(s) and the filename extensions matches with the extensions that Aerial was expecting to find which are *.exe *.zip *.rar *.doc and *.msi.

if you want Aerial to supports *.cab files tell me so. It's very easy to do it.

Anyway, I know it's a kind "manual" situation but I believe that would be a good task for you or anybody else.
Try it and I would love to see your findings. Maybe we can build together in the future a new "mode" more automated.

Tip: Look into the Aerial script and search for any sites. Those links in this thread are included into Aerial. ;)

skycrazy
2014-10-23, 21:11
Hey Nick, any advice if possible compatible with nethunter. Many thanks and great work

Nick_the_Greek
2014-10-24, 07:36
Hey Nick, any advice if possible compatible with nethunter. Many thanks and great work

Hi skycrazy.

I'm watching very closely the nethunder project and I can admit that I'm very excited about that. Unfortunately I don't own a Nexus device and thus I can't test Aerial with it but I'm planning to do that in the near future, not until January-February.
That would be my next project in 2015 :)

As for now if you're able to have installed the required programs for Aerial maybe it should work.
Tale a look at first page to see what programs are required.
Have a nice day!

subject_3156
2014-10-29, 19:59
Hey Nick_the_Greek,

I have a problem with running Aerial.

I use Kali 1.0.9. VM edition with TL-WDN3200 (RT5572 chipset) and I can't get fake AP started...

Also I noticed that every time script restarts network manager, it gets stuck at ''Waiting to connect to internet...'' and eth0 (interface where my internet is connected) doesn't start. I ''fixed'' that problem with manually starting eth0 everytime with
ifup eth0 and I managed to go to the end of script where process starts, but I don't see my AP.

As of settings, I use following:
-Internet interface: eth0 - pci:e1000
-SoftAP wireless interface: wlan0 - usb:rt2800usb
-hostapd mode (tried with airbase-ng too; all are supported)
-custom ESSID: bnet
-current MAC adress (used custom one too but no effect)
-CRDA:00
-used channel 1 for softAP
-tried all modes (g/n20/n40)
-OPN encryption

Looks like a really nice script, would be shame not to test it... :/

subject_3156
2014-10-29, 20:23
Ok, II didn't manage to find a solution but I found new problems... :/

When connecting to internet over 3G USB stick, Aerial doesn't even want to start.. But if I go around it by leaving it on wlan, and then disconecting it looks like it solves the problem... Also, manual reconnecting issue is still there; I have to manualy connect 3G stick to internet every time Aerial resets my network manager.
What I noticed more (also happened before on VM but I thought is was VM issue) is that wlan card starts to hang. By that I mean that after failed attempt to execute script complitely, wlan card (one that is supposed to generate AP) doesn't want to connect to internet anymore; it just hangs... I think that some service still continues to work which needs to be ended in order for wlan to start working again...

Hope that I helped a bit

Nick_the_Greek
2014-10-31, 20:16
Ok, II didn't manage to find a solution but I found new problems... :/

When connecting to internet over 3G USB stick, Aerial doesn't even want to start.. But if I go around it by leaving it on wlan, and then disconecting it looks like it solves the problem... Also, manual reconnecting issue is still there; I have to manualy connect 3G stick to internet every time Aerial resets my network manager.
What I noticed more (also happened before on VM but I thought is was VM issue) is that wlan card starts to hang. By that I mean that after failed attempt to execute script complitely, wlan card (one that is supposed to generate AP) doesn't want to connect to internet anymore; it just hangs... I think that some service still continues to work which needs to be ended in order for wlan to start working again...

Hope that I helped a bit

Hi subject_3156 and I'm very sorry for being late to respond, but I'm very busy and I will be busy for the next couple of months.
Anyway, to your subject.
There are two problems, I'm never tried Aerial with VMs and I never use it with 3G USB stick, so is hard to find what is wrong, but let's give it a shot.
To get Aerial to work some thing are required. One of them is Internet connectivity. If it doesn't detect Internet connectivity it will not continue. As I said, I don't know how your 3G USB stick acts. It's controlled by network manager? What it's interface name? Can you give me please the output of some basic commands to see if I can make some changes to Aerial?
Connect to Internet with your 3G usb, run the following, give me back the output of the commands and please tell me with which interface are you connected to Internet and with which interface are you trying to create the rogue AP.


ifconfig
iwconfig
iw phy # This should tell us your wireless card's capabilities.
route -n | awk '($1 == "0.0.0.0") { print $NF ; exit }' # This should tell us your Internet interface
nmcli dev status # This should tell us how is managed your Internet interface by network manager.
then restart network and network manager by:

service network-manager stop
service networking stop
service networking start
service network-manager start
and re-run the:


route -n | awk '($1 == "0.0.0.0") { print $NF ; exit }' # This should tell us your Internet interface and not being an empty output.
nmcli dev status # This should tell us how is managed your Internet interface by network manager.

Run all the above commands, post back the output and we will see what is wrong.

Thank you for taking the time to test my script and please be patient. I will post back when I'm able to do that.

eme101
2014-11-15, 01:57
Thank you for an amazing script!


I have problems getting hostapd to work on a 64-bit version of kali. And udhcpd to distribute ips on 32-bit. Ive got a readout of what hostapd spews out:






random: Trying to read entropy from /dev/random
Configuration file: /root/Desktop/aerial/Aerial/hostapd.conf
ctrl_interface_group=0
rfkill: initial event: idx=0 type=2 op=0 soft=1 hard=0
rfkill: initial event: idx=6 type=1 op=0 soft=0 hard=0
nl80211: Supported cipher 00-0f-ac:1
nl80211: Supported cipher 00-0f-ac:5
nl80211: Supported cipher 00-0f-ac:2
nl80211: Supported cipher 00-0f-ac:4
nl80211: Using driver-based off-channel TX
nl80211: interface wlan0 in phy phy5
nl80211: Set mode ifindex 8 iftype 3 (AP)
nl80211: Failed to set interface 8 to mode 3: -16 (Device or resource busy)
nl80211: Try mode change after setting interface down
nl80211: Set mode ifindex 8 iftype 3 (AP)
nl80211: Mode change succeeded while interface is down
nl80211: Setup AP(wlan0) - device_ap_sme=0 use_monitor=0
nl80211: Subscribe to mgmt frames with AP handle 0xfc5120
nl80211: Register frame type=0xb0 (WLAN_FC_STYPE_AUTH) nl_handle=0xfc5120 match=
nl80211: Register frame type=0x0 (WLAN_FC_STYPE_ASSOC_REQ) nl_handle=0xfc5120 match=
nl80211: Register frame type=0x20 (WLAN_FC_STYPE_REASSOC_REQ) nl_handle=0xfc5120 match=
nl80211: Register frame type=0xa0 (WLAN_FC_STYPE_DISASSOC) nl_handle=0xfc5120 match=
nl80211: Register frame type=0xc0 (WLAN_FC_STYPE_DEAUTH) nl_handle=0xfc5120 match=
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0xfc5120 match=
nl80211: Register frame type=0x40 (WLAN_FC_STYPE_PROBE_REQ) nl_handle=0xfc5120 match=
nl80211: Add own interface ifindex 8
nl80211: if_indices[16]: 8
phy: phy5
BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits)
wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Previous country code 00, new country code 00
nl80211: Regulatory information - country=00
nl80211: 2402-2472 @ 40 MHz 20 mBm
nl80211: 2457-2482 @ 40 MHz 20 mBm (no IR)
nl80211: 2474-2494 @ 20 MHz 20 mBm (no OFDM) (no IR)
nl80211: 5170-5250 @ 160 MHz 20 mBm (no IR)
nl80211: 5250-5330 @ 160 MHz 20 mBm (DFS) (no IR)
nl80211: 5490-5730 @ 160 MHz 20 mBm (DFS) (no IR)
nl80211: 5735-5835 @ 80 MHz 20 mBm (no IR)
nl80211: 57240-63720 @ 2160 MHz 0 mBm
nl80211: Added 802.11b mode based on 802.11g information
Driver does not support configured HT capability [SMPS-STATIC]
wlan0: interface state COUNTRY_UPDATE->DISABLED
wlan0: AP-DISABLED
wlan0: Unable to setup interface.
hostapd_interface_deinit_free(0xfc0590)
hostapd_interface_deinit_free: num_bss=1 conf->num_bss=1
hostapd_interface_deinit(0xfc0590)
hostapd_bss_deinit: deinit bss wlan0
wlan0: Deauthenticate all stations
nl80211: send_mlme - da= ff:ff:ff:ff:ff:ff noack=0 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0xc0 (WLAN_FC_STYPE_DEAUTH) nlmode=3
nl80211: send_mlme -> send_frame
nl80211: send_frame - Use bss->freq=0
nl80211: send_frame -> send_frame_cmd
nl80211: Frame command failed: ret=-22 (Invalid argument) (freq=0 wait=0)
hostapd_cleanup(hapd=0xfc3f30 (wlan0))
hostapd_free_hapd_data: Interface wlan0 wasn't started
hostapd_interface_deinit_free: driver=0x49b640 drv_priv=0xfc4df0 -> hapd_deinit
nl80211: Remove monitor interface: refcount=0
nl80211: Remove beacon (ifindex=8)
netlink: Operstate: ifindex=8 linkmode=0 (kernel-control), operstate=6 (IF_OPER_UP)
nl80211: Set mode ifindex 8 iftype 2 (STATION)
nl80211: Failed to set interface 8 to mode 2: -16 (Device or resource busy)
nl80211: Try mode change after setting interface down
nl80211: Set mode ifindex 8 iftype 2 (STATION)
nl80211: Failed to set interface 8 to mode 2: -16 (Device or resource busy)
nl80211: Delaying mode set while interface going down
nl80211: Set mode ifindex 8 iftype 2 (STATION)
nl80211: Mode change succeeded while interface is down
nl80211: Teardown AP(wlan0) - device_ap_sme=0 use_monitor=0
nl80211: Unsubscribe mgmt frames handle 0x888888888874d9a9 (AP teardown)
hostapd_interface_free(0xfc0590)
hostapd_interface_free: free hapd 0xfc3f30
hostapd_cleanup_iface(0xfc0590)
hostapd_cleanup_iface_partial(0xfc0590)
hostapd_cleanup_iface: free iface=0xfc0590







Can anyone help?


Thanks

Nick_the_Greek
2014-11-15, 21:09
Thank you for an amazing script!


I have problems getting hostapd to work on a 64-bit version of kali. And udhcpd to distribute ips on 32-bit. Ive got a readout of what hostapd spews out:






random: Trying to read entropy from /dev/random
Configuration file: /root/Desktop/aerial/Aerial/hostapd.conf
ctrl_interface_group=0
rfkill: initial event: idx=0 type=2 op=0 soft=1 hard=0
rfkill: initial event: idx=6 type=1 op=0 soft=0 hard=0
nl80211: Supported cipher 00-0f-ac:1
nl80211: Supported cipher 00-0f-ac:5
nl80211: Supported cipher 00-0f-ac:2
nl80211: Supported cipher 00-0f-ac:4
nl80211: Using driver-based off-channel TX
nl80211: interface wlan0 in phy phy5
nl80211: Set mode ifindex 8 iftype 3 (AP)
nl80211: Failed to set interface 8 to mode 3: -16 (Device or resource busy)
nl80211: Try mode change after setting interface down
nl80211: Set mode ifindex 8 iftype 3 (AP)
nl80211: Mode change succeeded while interface is down
nl80211: Setup AP(wlan0) - device_ap_sme=0 use_monitor=0
nl80211: Subscribe to mgmt frames with AP handle 0xfc5120
nl80211: Register frame type=0xb0 (WLAN_FC_STYPE_AUTH) nl_handle=0xfc5120 match=
nl80211: Register frame type=0x0 (WLAN_FC_STYPE_ASSOC_REQ) nl_handle=0xfc5120 match=
nl80211: Register frame type=0x20 (WLAN_FC_STYPE_REASSOC_REQ) nl_handle=0xfc5120 match=
nl80211: Register frame type=0xa0 (WLAN_FC_STYPE_DISASSOC) nl_handle=0xfc5120 match=
nl80211: Register frame type=0xc0 (WLAN_FC_STYPE_DEAUTH) nl_handle=0xfc5120 match=
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0xfc5120 match=
nl80211: Register frame type=0x40 (WLAN_FC_STYPE_PROBE_REQ) nl_handle=0xfc5120 match=
nl80211: Add own interface ifindex 8
nl80211: if_indices[16]: 8
phy: phy5
BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits)
wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Previous country code 00, new country code 00
nl80211: Regulatory information - country=00
nl80211: 2402-2472 @ 40 MHz 20 mBm
nl80211: 2457-2482 @ 40 MHz 20 mBm (no IR)
nl80211: 2474-2494 @ 20 MHz 20 mBm (no OFDM) (no IR)
nl80211: 5170-5250 @ 160 MHz 20 mBm (no IR)
nl80211: 5250-5330 @ 160 MHz 20 mBm (DFS) (no IR)
nl80211: 5490-5730 @ 160 MHz 20 mBm (DFS) (no IR)
nl80211: 5735-5835 @ 80 MHz 20 mBm (no IR)
nl80211: 57240-63720 @ 2160 MHz 0 mBm
nl80211: Added 802.11b mode based on 802.11g information
Driver does not support configured HT capability [SMPS-STATIC]
wlan0: interface state COUNTRY_UPDATE->DISABLED
wlan0: AP-DISABLED
wlan0: Unable to setup interface.
hostapd_interface_deinit_free(0xfc0590)
hostapd_interface_deinit_free: num_bss=1 conf->num_bss=1
hostapd_interface_deinit(0xfc0590)
hostapd_bss_deinit: deinit bss wlan0
wlan0: Deauthenticate all stations
nl80211: send_mlme - da= ff:ff:ff:ff:ff:ff noack=0 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0xc0 (WLAN_FC_STYPE_DEAUTH) nlmode=3
nl80211: send_mlme -> send_frame
nl80211: send_frame - Use bss->freq=0
nl80211: send_frame -> send_frame_cmd
nl80211: Frame command failed: ret=-22 (Invalid argument) (freq=0 wait=0)
hostapd_cleanup(hapd=0xfc3f30 (wlan0))
hostapd_free_hapd_data: Interface wlan0 wasn't started
hostapd_interface_deinit_free: driver=0x49b640 drv_priv=0xfc4df0 -> hapd_deinit
nl80211: Remove monitor interface: refcount=0
nl80211: Remove beacon (ifindex=8)
netlink: Operstate: ifindex=8 linkmode=0 (kernel-control), operstate=6 (IF_OPER_UP)
nl80211: Set mode ifindex 8 iftype 2 (STATION)
nl80211: Failed to set interface 8 to mode 2: -16 (Device or resource busy)
nl80211: Try mode change after setting interface down
nl80211: Set mode ifindex 8 iftype 2 (STATION)
nl80211: Failed to set interface 8 to mode 2: -16 (Device or resource busy)
nl80211: Delaying mode set while interface going down
nl80211: Set mode ifindex 8 iftype 2 (STATION)
nl80211: Mode change succeeded while interface is down
nl80211: Teardown AP(wlan0) - device_ap_sme=0 use_monitor=0
nl80211: Unsubscribe mgmt frames handle 0x888888888874d9a9 (AP teardown)
hostapd_interface_free(0xfc0590)
hostapd_interface_free: free hapd 0xfc3f30
hostapd_cleanup_iface(0xfc0590)
hostapd_cleanup_iface_partial(0xfc0590)
hostapd_cleanup_iface: free iface=0xfc0590







Can anyone help?


Thanks

Hi eme101
Can you please tell me which wirelless card are you using?

repzeroworld
2014-11-16, 00:12
hello Nick_the_Greek
I haven't tested your script as yet...writing such a lengthy script requires alot of work!..hope your script goes viral..haha!.:D

Nick_the_Greek
2014-11-16, 19:04
Hi repzeroworld
I'm, looking forward for your feedback, when you got time to test it. :)

eme101
2014-11-17, 22:24
Hi eme101
Can you please tell me which wirelless card are you using?



I have tried these three with various results:

ALFA AWUS036NHA
ath9k_htc
Atheros AR9271x


ALFA AWUS051NH
rt2800usb
Ralink RT2770 RT2750


ALFA AWUS036NHR
rtl8192cu
RTL8188RU

The script says the ralink-card is supported using all options when selecting hostapd. I have got it to wark semi-fine if I run hostapd with 802.11g only.

Rajnish357
2014-11-21, 12:57
How can I limit the clients of my Soft AP to access only Facebook or Gmail ??

Nick_the_Greek
2014-11-22, 19:47
How can I limit the clients of my Soft AP to access only Facebook or Gmail ??

Hi Rajnish357.
An easy way, at least for me is iptables. Search a little bit how to redirect trafic to a specific IP with iptables.

Nick_the_Greek
2014-11-22, 19:55
I have tried these three with various results:

ALFA AWUS036NHA
ath9k_htc
Atheros AR9271x


ALFA AWUS051NH
rt2800usb
Ralink RT2770 RT2750


ALFA AWUS036NHR
rtl8192cu
RTL8188RU

The script says the ralink-card is supported using all options when selecting hostapd. I have got it to wark semi-fine if I run hostapd with 802.11g only.

Hi eme101.
The script it's not that accurate about the capabilities of a wireless card because is "reading" the output of iw command. The output of that command claims to support a capability, but in reality it might not be supported.
Is short, the safest way is to use 802.11g. Then you can try to 802.11n with 20 MHz channel width and if you succeeded with that then you can move to 802.11n 40MHz channel width.
Try them all, one by one. It all depends on chipset, drivers and hostapd.

bahha
2014-11-30, 23:26
I have read the whole script you did a **** good work. I haven't used it because I want to select only what I need and refresh my rusty shell. thank you very much

Rajnish357
2014-12-02, 13:27
Hi Rajnish357.
An easy way, at least for me is iptables. Search a little bit how to redirect trafic to a specific IP with iptables.



Thanks alot Nick_the_Greek, for the reply..... but I'm a beginner, can you please give me a sample code or point me to any tutorial please....

bahha
2014-12-07, 00:10
I have been playing with the script : I reduced it to my need as I already have Hostapd that run through Dhcp . and everything worked except I2P it was driving me crazy

it won't run as root I changed the I2p file to allow it still nothing . then I tried to restart it even if it's not running and it worked so in the modified script it's run by restart instead of start .

it start but I can't get it the http proxy to forward the connection I get on the client http outproxy some error with the web interface of i2p server

thanks I again for the great work I really enjoyed reading throught it . you got style !

update: after reading about the i2p I finally got it. the .i2p sites are accessible while the regular one I can access them through https when the proxy is set to https port

sluggz
2014-12-16, 22:52
I get this error.

[ info ] Airbase-ng NBPPS (Number of packets per second): 300 pps.
[ ok ] Stopping network connection manager: NetworkManager.
[ ok ] Deconfiguring network interfaces...done.
[ ok ] Configuring network interfaces...done.
[ ok ] Starting network connection manager: NetworkManager.
[ ok ] Waiting to connect again to the Internet.
Aerial.sh: 5825: Aerial.sh: cannot create /etc/squid3/squid.conf: Directory nonexistent
Aerial.sh: 1: Aerial.sh: squid3: not found
[ ok ] Starting UDHCPD server for subnet.(conf file: /etc/udhcpd.conf)
[....] Starting DNSMASQ - DNS Forwarder.(conf file: /root/Aerial/Aerial/dnsmasq.conf)Aerial.sh: 5990: Aerial.sh: /etc/init.d/udhcpd: not found
[ ok ] Starting DNSMASQ - DNS Forwarder.(conf file: /root/Aerial/Aerial/dnsmasq.conf)

Your clients now can access the Internet.
There is no interception, no nothing.
Aerial is acting as an Access Point.

Everything seems to start fine but when I connect to AP, it has no internet and is limited/ doesnt get an ip address. From the looks of it, it looks like something with DHCP.

bahha
2014-12-17, 15:13
I get this error.

[ info ] Airbase-ng NBPPS (Number of packets per second): 300 pps.
[ ok ] Stopping network connection manager: NetworkManager.
[ ok ] Deconfiguring network interfaces...done.
[ ok ] Configuring network interfaces...done.
[ ok ] Starting network connection manager: NetworkManager.
[ ok ] Waiting to connect again to the Internet.
Aerial.sh: 5825: Aerial.sh: cannot create /etc/squid3/squid.conf: Directory nonexistent
Aerial.sh: 1: Aerial.sh: squid3: not found
[ ok ] Starting UDHCPD server for subnet.(conf file: /etc/udhcpd.conf)
[....] Starting DNSMASQ - DNS Forwarder.(conf file: /root/Aerial/Aerial/dnsmasq.conf)Aerial.sh: 5990: Aerial.sh: /etc/init.d/udhcpd: not found
[ ok ] Starting DNSMASQ - DNS Forwarder.(conf file: /root/Aerial/Aerial/dnsmasq.conf)

Your clients now can access the Internet.
There is no interception, no nothing.
Aerial is acting as an Access Point.

Everything seems to start fine but when I connect to AP, it has no internet and is limited/ doesnt get an ip address. From the looks of it, it looks like something with DHCP.

that's where the problem is. your IP tables will redirect the traffic through squid but it's not working, may be it's not installed

sluggz
2014-12-18, 19:45
that's where the problem is. your IP tables will redirect the traffic through squid but it's not working, may be it's not installed

I fixed that problem and I am no longer getting any errors that I can see. I connect to the wifi but it never leases me an IP Address...

bahha
2014-12-21, 20:54
I fixed that problem and I am no longer getting any errors that I can see. I connect to the wifi but it never leases me an IP Address...

then your dhcp server is not functioning, I personally modified the script to use dhcpd instead of the supplied one

alt0id
2014-12-29, 06:03
I get this error.

[ info ] Airbase-ng NBPPS (Number of packets per second): 300 pps.
[ ok ] Stopping network connection manager: NetworkManager.
[ ok ] Deconfiguring network interfaces...done.
[ ok ] Configuring network interfaces...done.
[ ok ] Starting network connection manager: NetworkManager.
[ ok ] Waiting to connect again to the Internet.
Aerial.sh: 5825: Aerial.sh: cannot create /etc/squid3/squid.conf: Directory nonexistent
Aerial.sh: 1: Aerial.sh: squid3: not found
[ ok ] Starting UDHCPD server for subnet.(conf file: /etc/udhcpd.conf)
[....] Starting DNSMASQ - DNS Forwarder.(conf file: /root/Aerial/Aerial/dnsmasq.conf)Aerial.sh: 5990: Aerial.sh: /etc/init.d/udhcpd: not found
[ ok ] Starting DNSMASQ - DNS Forwarder.(conf file: /root/Aerial/Aerial/dnsmasq.conf)

Your clients now can access the Internet.
There is no interception, no nothing.
Aerial is acting as an Access Point.

Everything seems to start fine but when I connect to AP, it has no internet and is limited/ doesnt get an ip address. From the looks of it, it looks like something with DHCP.

I'm also having the issue w/ limited internet access. Everything starts fine, however when connecting w/ a victim machine my AP has "limited access" and can't connect to the web. Any ideas?

Rajnish357
2015-01-14, 21:09
On my internet network i must use local proxy server 172.16.8.2:8080 as proxy setting in browers and applications to connect to internet but i'm unable to find how can i apply these settings to Aerial and make it work over Proxy ?

Please help someone...

zimmaro
2015-01-20, 19:04
hi dear nick:-)
Now that everything is back to normal (in my real life .... && my 2 cars have returned home ...) .. I started playing with your wonderful script !!!
I made a little video with the use of the number 9 options (wouhhh)

https://vimeo.com/117293271

PS: sorry for low-quality ... i'm not much ""abile"" with the screen-recorders !!!

AS always very, very thanks Again !!!:o

mmusket33
2015-01-21, 02:20
To Nick The Greek

Reference the negative one issue with airbase-ng. It has not affected airbase-ng performance with Pwnstar - however we coded around it in the script by putting the wifi device supporting airbase-ng in mode monitor:

ifconfig wlan0 down # device used by airbase-ng
iwconfig wlan0 mode monitor
ifconfig wlan0 up

This keeps network-manager from trying to use the device used by airbase-ng and kills the negative-one issue.

MTeams

Hizagashira
2015-01-21, 22:11
thanks so much for your amazing tool Nick the Greek !
It works perfectly for me with the option 9 as said Zimmaro!

This is a really great script!
Thanks! :)

mmusket33
2015-01-25, 08:49
Aerial.sh is truely the Mona Lisa of bash and phishing programs. But like Mona Lisa it has one small flaw that can ground all your phishing plans to a halt. It doesnot allow you to put spaces in the ESSID name. Thus if your targets' name is:

Home Wifi

you cannot emulate it. The reason is in the sophistication of the programming itself and comes down to two(2) parenthasis but that is another story. Here is a simple method to patch your Aerial to allow ESSID names with spaces and unlock the programs full potential.

1. Install aerial.sh using the stock program. Get all your files downloaded and installed.

2. Once installed test the stock program using airbase-ng and setup menu item one(1):

Simple WLAN (Clients can access Internet)

3. Test here means use a second computer and actually access the internet thru the aerial WLAN.

One warning. If you are using two(2) wifi devices, the wifi device providing internet access must be connected to a router while the device supporting the rogueAP must be disonnected from any such association. The program during setup constantly resets Network-manager. The device supporting the rogue may keep trying to associate to another router. To function as an AP this device must be disconnected from any association to other devices so keep checking the network-manager appelet during the setup to insure the wifi device supporting airbase-ng is disconnected. During these Network-manager restarts, give the program time to let the wifi device providing internet access to reassociate to the AP.

4. Once everything is up and running and you are familiar with the program and how it functions you can patch it.

Make a copy of Aerial.sh and only work on the copy. You can rename it another name like Aerialpatched.sh and run it just the same as the stock version. If you make a mistake delete, make another copy and start again. Go here for the patch. It is just a list of 4 command lines in text format that you need to add or change:

Once changed airbase-ng will allow ESSID names with spaces.

The patching steps are detailed, simply download the text file and follow the instructions

http://www.datafilehost.com/d/49357f28

Musket Teams

okinu
2015-02-18, 07:37
Hi,
I would like yo ask you somethings about the certificates.
I see the folder where the files are also the readme.
But how to install them? just doubble click them and import?
or should i open them in the terminal?

gonedsram
2015-02-26, 09:31
Hi Nick,


After installing the Aerial.sh (although i wasnt able to do the patching of Hostapd since I havent figured out the following on how to issue
sed 's%#CONFIG_DRIVER_HOSTAP=y%CONFIG_DRIVER_HOSTAP=y% g' $HOME_DIR/hostap/hostapd/defconfig > $HOME_DIR/hostap/hostapd/defconfig1 && mv $HOME_DIR/hostap/hostapd/defconfig1 $HOME_DIR/hostap/hostapd/defconfig
sed 's%#CONFIG_DRIVER_NL80211=y%CONFIG_DRIVER_NL80211= y%g' $HOME_DIR/hostap/hostapd/defconfig > $HOME_DIR/hostap/hostapd/defconfig1 && mv $HOME_DIR/hostap/hostapd/defconfig1 $HOME_DIR/hostap/hostapd/defconfig
sed 's%#CONFIG_LIBNL32=y%CONFIG_LIBNL32=y%g' $HOME_DIR/hostap/hostapd/defconfig > $HOME_DIR/hostap/hostapd/defconfig1 && mv $HOME_DIR/hostap/hostapd/defconfig1 $HOME_DIR/hostap/hostapd/defconfig
sed 's%#CONFIG_IEEE80211N=y%CONFIG_IEEE80211N=y%g' $HOME_DIR/hostap/hostapd/defconfig > $HOME_DIR/hostap/hostapd/defconfig1 && mv $HOME_DIR/hostap/hostapd/defconfig1 $HOME_DIR/hostap/hostapd/defconfig
sed 's%#CONFIG_IEEE80211AC=y%CONFIG_IEEE80211AC=y%g' $HOME_DIR/hostap/hostapd/defconfig > $HOME_DIR/hostap/hostapd/defconfig1 && mv $HOME_DIR/hostap/hostapd/defconfig1 $HOME_DIR/hostap/hostapd/defconfig
sed 's%#CONFIG_ACS=y%CONFIG_ACS=y%g' $HOME_DIR/hostap/hostapd/defconfig > $HOME_DIR/hostap/hostapd/defconfig1 && mv $HOME_DIR/hostap/hostapd/defconfig1 $HOME_DIR/hostap/hostapd/defconfig
sed 's%#CONFIG_TLS=openssl%CONFIG_TLS=openssl%g' $HOME_DIR/hostap/hostapd/defconfig > $HOME_DIR/hostap/hostapd/defconfig1 && mv $HOME_DIR/hostap/hostapd/defconfig1 $HOME_DIR/hostap/hostapd/defconfig
sed 's%#CONFIG_WPS=y%CONFIG_WPS=y%g' $HOME_DIR/hostap/hostapd/defconfig > $HOME_DIR/hostap/hostapd/defconfig1 && mv $HOME_DIR/hostap/hostapd/defconfig1 $HOME_DIR/hostap/hostapd/defconfig
sed 's%#CONFIG_WPS_UPNP=y%CONFIG_WPS_UPNP=y%g' $HOME_DIR/hostap/hostapd/defconfig > $HOME_DIR/hostap/hostapd/defconfig1 && mv $HOME_DIR/hostap/hostapd/defconfig1 $HOME_DIR/hostap/hostapd/defconfig

....

everytime I start Aerial.sh and choose option 11 (https://vimeo.com/114373690) to following this video. The Mitmproxy log windows closes. Cant seem to follow the above video.

Also, in the video, it states that user request (google.de) will be redirected to IP/index.htm then to mitm.it. Can you further illustrate on how to do these?

Rarity
2015-03-28, 23:52
Script won't successfully run.. any ideas? I do have the v3.18-rc1 backport installed to fix the negative one issue, not sure if that conflicts with Aerial somehow.


Most probably network manager automatically connects you again to the Internet
using the wireless NIC with the strongest signal or sometimes gets confused and
is using all your wireless NIC's to connect to (if you have more then one)
Please check the following and if you see STATE connected on more then one
wireless NIC then please disconnect manually then one that you don't want,
leave only one connected to Internet and press Enter
DEVICE TYPE STATE
eth0 802-3-ethernet connected
wlan0 802-11-wireless disconnected
wlan1 802-11-wireless disconnected
Press ENTER to continue...



Nope!
You CAN'T continue. You are connected to Internet with more than one
wireless NIC. Sorry. Exit...

wn722
2015-03-29, 19:43
anyone tested Aerial with tp-link wn722?

https://wikidevi.com/wiki/TP-LINK_TL-WN722N

kolong
2015-06-03, 01:23
Hi nick,

Everytime i run Aerial.sh, i get this

D e p e n d e n c i e s :
[ updated ] apt-get list.
[ found ] UDHCPD: Very small Busybox based DHCP server.
[ found ] Aircrack-ng: Wireless WEP/WPA cracking utilities.
[ found ] Proxychains: Redirect connections through proxy servers.
[ found ] Proxyresolv: DNS resolving.
[ found ] ImageMagick's Mogrify: Image manipulation programs.
[ found ] jp2a: Converts jpg images to ASCII.
[ found ] Ghostscript: Interpreter for the PostScript language and for PDF.
[ found ] Apache2: HTTP Server.
[ found ] DNSmasq: A small caching DNS proxy and DHCP/TFTP server.
[ found ] Haveged: Linux entropy source using the HAVEGE algorithm.
[ found ] Squid3 v3.1.20: Full featured Web Proxy cache (HTTP proxy) without SSL support.
[ found ] Sarg: Squid Analysis Report Generator.
[ found ] TOR (The Onion Router): A connection-based low-latency anonymous communication system.
[ found ] ARM (The Anonymizing Relay Monitor): Terminal status monitor for TOR.
[ ok ] Adding i2P's repository to APT's /etc/apt/sources.list file.
[ ok ] Installing the keys to sign the repository and add it to apt.
[ ok ] Updating Repositories.
[ ok ] Installing I2P (The Invisible Internet Project).
[ ok ] Removing I2P's repository from APT's /etc/apt/sources.list file.
[ ok ] Updating Repositories.
[....] Modifying i2prouter to run as root.sed: can't read /usr/bin/i2prouter: No such file or directory
chmod: cannot access `/usr/bin/i2prouter': No such file or directory
[ ok ] Modifying i2prouter to run as root.
[ ok ] Do not start I2P on Start Up.

[ found ] Sslstrip version 0.9 :SSL/TLS man-in-the-middle attack tool.
[ found ] SSLsplit version 0.4.8: Transparent and scalable SSL/TLS interception
[ found ] Mitmproxy: SSL-capable man-in-the-middle HTTP proxy.
[ found ] HoneyProxy: HTTP(S) Traffic investigation and analysis.
[ found ] Installation package Airchat v2.1a: Wireless Fun.
[ found ] Installation packages Squid3-(i386-amd64) v.3.3.8 with SSL support.

B a c k U p F i l e s :

[....] Making a backup copy of current IPTABLES to /root/Aerial/backup//root/Aerial/Aerial.sh: 1255: /root/Aerial/Aerial.sh: cannot create /root/Aerial/backup/iptables.original: Directory nonexistent
[ ok ] Making a backup copy of current IPTABLES to /root/Aerial/backup/
[....] Making a backup copy of Sarg's configuration file to /root/Aerial/backupcp: cannot create regular file `/root/Aerial/backup/sarg.conf': No such file or directory
[ ok ] Making a backup copy of Sarg's configuration file to /root/Aerial/backup
[....] Making a backup copy of Squid3's configuration file to /root/Aerial/backupcp: cannot create regular file `/root/Aerial/backup/squid.conf': No such file or directory
[ ok ] Making a backup copy of Squid3's configuration file to /root/Aerial/backup
[....] Making a backup copy of proxychains.conf configuration file to /root/Aerial/backupcp: cannot create regular file `/root/Aerial/backup/proxychains.conf': No such file or directory
[ ok ] Making a backup copy of proxychains.conf configuration file to /root/Aerial/backup
[....] Making a backup copy of proxyresolv file to /root/Aerial/backupcp: cannot create regular file `/root/Aerial/backup/proxyresolv': No such file or directory
[ ok ] Making a backup copy of proxyresolv file to /root/Aerial/backup
[....] Making a backup copy of Apache2's httpd configuration file to /root/Aerial/backupcp: cannot create regular file `/root/Aerial/backup/apache2.conf': No such file or directory
[ ok ] Making a backup copy of Apache2's httpd configuration file to /root/Aerial/backup
mkdir: cannot create directory `/root/Aerial/backup/www': No such file or directory
[....] Making a backup copy of /var/www/ folder to /root/Aerial/backup/www/cp: cannot stat `/var/www/*': No such file or directory
[ ok ] Making a backup copy of /var/www/ folder to /root/Aerial/backup/www/
[....] Cleaning up /var/www/ folderrm: cannot remove `/var/www/*': No such file or directory
[ ok ] Cleaning up /var/www/ folder
[....] Making a backup copy of UDHCPD configuration file to /root/Aerial/backupcp: cannot create regular file `/root/Aerial//backup/udhcpd.conf': No such file or directory
[ ok ] Making a backup copy of UDHCPD configuration file to /root/Aerial/backup
[....] Making a backup copy of TOR's configuration file (torrc) to /root/Aerial/backupcp: cannot create regular file `/root/Aerial/backup/torrc': No such file or directory
[ ok ] Making a backup copy of TOR's configuration file (torrc) to /root/Aerial/backup
[....] Making a backup copy of I2P's files (i2ptunnel.config, i2prouter) to /root/Aerial/backupcp: cannot stat `/usr/share/i2p/i2ptunnel.config': No such file or directory
cp: cannot stat `/usr/bin/i2prouter': No such file or directory
[ ok ] Making a backup copy of I2P's files (i2ptunnel.config, i2prouter) to /root/Aerial/backup
[....] Making a backup copy of /etc/network/interfaces to /root/Aerial/backupcp: cannot create regular file `/root/Aerial/backup/interfaces': No such file or directory
[ ok ] Making a backup copy of /etc/network/interfaces to /root/Aerial/backup
[....] Making a backup copy of /etc/default/crda to /root/Aerial/backupcp: cannot create regular file `/root/Aerial/backup/crda': No such file or directory
[ ok ] Making a backup copy of /etc/default/crda to /root/Aerial/backup
Sarg is not modified yet. Please run this script again and when asked to customize, answer (1). - Stop
cp: cannot stat `/root/Aerial/backup/sarg.conf': No such file or directory

Please help me. Thanks

skycrazy
2015-07-21, 19:52
Just a thought, any chance of incorporating a captive portal style to the simple no(1) in the script. Direct all traffic to one page(apache maybe) guess an accept the conditions of use page maybe :-) . Have been slightly altering the script with little success so far. Any pointers in the right direction or impossible, hopefully not. id like to see this in the script. Thanks

zeroblood62
2015-07-29, 03:56
Can this be used with a single wireless adapter connected to the internet?

imitm
2015-10-13, 15:15
Hello!
I'm trying this scirpt, it installs well, and i'm choosing 10'th attack. It starts hostapd AP but i'm not getting IP for client. Could this be somehow resolved via dnsmasq?
Thanks!