
Thread: Aerial - Multi-mode wireless LAN Based on a Software Access point

  1. #1
    Join Date: 2014-Jun | Location: Greece | Posts: 133

    Aerial - How to E-Z Setup a Multi-mode wireless LAN Based on a Software Access point

    Aerial WiFi

    Part 1

    What is it?
    ========
    Aerial is one of the easiest ways to create a fully capable*, high speed*, any band (5GHz or 2.4GHz), high throughput IEEE 802.11n* (or not), Wi-Fi Protected Setup* (WPS) (or not) software access point on a Kali Linux box, with manipulated/intercepted/injected/forced/proxied/MITMed traffic (or not).
    * When Hostapd is used and depending on your wireless NIC's capabilities.


    Files:
    ====
    Aerial.0.14.1.0
    Aerial.sh (main script).
    README (this file).
    COPYING (License).
    CHANGELOG (Version History).
    /dependencies/
    /dependencies/airchat_2.1a/ airchat.tar.bz2 (Needed for mode 3)
    /dependencies/squid3_3.3.8-1.1Kali1_amd64/ (Needed for mode 13 Kali x64)
    /dependencies/squid3_3.3.8-1.1Kali1_amd64/squid3_3.3.8-1.1Kali1_amd64.deb
    /dependencies/squid3_3.3.8-1.1Kali1_amd64/squid3-common_3.3.8-1.1Kali1_all.deb
    /dependencies/squid3_3.3.8-1.1Kali1_amd64/squid-langpack_20140506-1.1Kali1_all.deb
    /dependencies/squid3_3.3.8-1.1Kali1_i386/ (Needed for mode 13 Kali x32)
    /dependencies/squid3_3.3.8-1.1Kali1_i386/squid3_3.3.8-1.1Kali1_i386.deb
    /dependencies/squid3_3.3.8-1.1Kali1_i386/squid3-common_3.3.8-1.1Kali1_all.deb
    /dependencies/squid3_3.3.8-1.1Kali1_i386/squid-langpack_20140506-1.1Kali1_all.deb

    Download / Installation
    ==================
    No installation is required.
    Download the latest bz2 file:
    Aerial_0.14.1.0.tar.bz2 6.3MB
    Code:
    sha1sum:
    8e17b35e3883f986ed3d7718b24bd3225a97fd8a
    check integrity by:
    Code:
    echo "8e17b35e3883f986ed3d7718b24bd3225a97fd8a  Aerial_0.14.1.0.tar.bz2" | sha1sum -c -
    extract it:
    Code:
    tar jxf Aerial_0.14.1.0.tar.bz2
    or download it from github:
    Code:
    git clone https://github.com/Nick-the-Greek/Aerial
    and run it by:
    Code:
    sh Aerial.sh
    Relax and let the script download/install and create the CA certificates etc. that are needed. DO NOT INTERRUPT IT. Let it finish. A new folder named "Aerial" will be created. Everything you want to find will be in that folder, e.g.
    aerial.conf (This script's configuration file)
    hostapd.conf (Hostapd configuration file)
    CA-certificates folder and the included certificates.
    Backup folder with the included files.
    ...

    When a "Mode" is executed, a new folder with the corresponding name (e.g. sslsplit) will be created inside the "Aerial" folder, with all the files (configuration, logs etc.) that "Mode" uses. So the only thing you have to do is run any "Mode" and then look at the corresponding folder of that "Mode". If a "Mode" is never executed, no folder will be created for it.

    Features
    =========
    o Menu driven.
    o Kali Linux x86 and x64 architectures compatible.
    o BackTrack 5R3 Linux x86 and x64 architectures compatible. (some modes).
    o Ability to use Airbase-ng for the creation of the Soft AP. (Your wireless NIC MUST support monitor mode).
    o Ability to use Hostapd for the creation of the Soft AP. (Your wireless NIC MUST support AP mode).
    o A configuration file (aerial.conf) with the ability to enable/disable some of the Aerial's menus (speed things up) and/or change directly script's values (ex Internet interface, wireless interface, channel, etc). Please refer to aerial.conf for detailed instructions.
    o Selectable language/date format/long URLs for SARG.
    o All inputs from users are filtered. You can't enter an invalid input.
    e.g. Internet interface, wireless interface, channel, CRDA, password, etc
    o Multiple examples for correct usage of the script.
    o Backup/restore of any configuration files or folders that might be changed in the OS by the script.
    o Downloading and installation of all required programs, if they are not present:
    - UDHCPD: Very small Busybox based DHCP server.
    - Aircrack-ng Suite: Wireless WEP/WPA cracking utilities.
    - Proxychains: Redirect connections through proxy servers.
    - Proxyresolv: DNS resolving.
    - Mogrify: Image manipulation programs.
    - Jp2a: Converts jpg images to ASCII.
    - Ghostscript: Interpreter for the PostScript language and for PDF.
    - Apache2: HTTP Server.
    - Dnsmasq: A small caching DNS proxy and DHCP/TFTP server.
    - Haveged: Linux entropy source using the HAVEGE algorithm.
    - Squid3 v3.1.20: Proxy caching server for web clients.
    - Sarg: Squid Analysis Report Generator.
    - Hostapd v2.3 devel: User space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator.
    - Hostapd v2.3 devel patch: Disable bss neighbor check/force 40 MHz channels. Please see part 2 paragraph (1)
    - TOR: The Onion Router: A connection-based low-latency anonymous communication system.
    - ARM: The Anonymizing Relay Monitor - Terminal status monitor for TOR.
    - I2P router: The Invisible Internet Project.
    - Sslstrip: SSL/TLS man-in-the-middle attack tool.
    - Sslsplit: Transparent and scalable SSL/TLS interception.
    - Mitmproxy: SSL-capable man-in-the-middle HTTP proxy.
    - Honey Proxy: HTTP(S) Traffic investigation and analysis.
    o Supplied with Aerial.0.x.x.tar.bz2:
    - Airchat v2.1a: Wireless Fun. (No installation is required. The script handles this).
    - Installation packages Squid3-i386 and Squid3-amd64 v.3.3.8 compiled with SSL Bumping and Dynamic SSL Certificate Generation.
    o Unique (per run) Trust Anchor Certificate.
    o One common CA root certificate for the modes that require a Trust Anchor Certificate:
    - SSLsplit.
    - Mitmproxy.
    - Honeyproxy.
    - Squid in the Middle.
    o Multiple formats of the CA certificate for all kinds of clients:
    - IOS. (not tested)
    - IOS Simulator. (not tested)
    - Firefox. (tested)
    - Java. (not tested)
    - OSX. (not tested)
    - *nix systems. (tested)
    - Windows platforms. (tested)
    - Android 4.x devices. (tested)
    o Backup of the generated CA-certificates. (Just in case).
    o Stop/kill of any running processes when we re-run the script.
    o Ability to use any wireless NIC for the creation of the Soft AP. (In case that more than one is installed)
    o Auto-detect of Internet interface.
    o Auto-detect of Wireless interface(s).
    o Auto-detect of Wireless interface in monitor mode.
    o Auto-detect of Wireless interface's capabilities:
    - Access point mode. (hostapd compatible).
    - Monitor mode. (airbase-ng compatible).
    - Supported band:
    - IEEE 802.11a - 5GHz (airbase-ng or hostapd). (not tested).
    - IEEE 802.11g - 2.4 GHz (airbase-ng or hostapd). (tested).
    - IEEE 802.11a/n - 5GHz High Throughput (Only with hostapd). (not tested).
    - IEEE 802.11g/n - 2.4GHz High Throughput (Only with hostapd). (tested).
    o Ability to set/change ESSID: Extended Service Set Identification.
    o Ability to set/change MAC address: Media Access Control Address.
    o Ability to set/change CRDA: Central Regulatory Domain Agent.
    o Ability to set/change channel:
    Permitted to use channels are:
    IEEE 802.11g - 802.11g/n: 01 02 03 04 05 06 07 08 09 10 11 12 13 (tested).
    IEEE 802.11a - 802.11a/n: 36 40 44 48 52 56 60 64 (not tested).
    Non permitted to uses channels are:
    IEEE 802.11g - 802.11g/n: 14 (Japan) (tested).
    IEEE 802.11a - 802.11a/n: 100 104 108 112 116 120 124 128 132 136 140 149 153 157 161 165 (not tested).
    o Scanning for other Access Points and Ad-Hoc cells in your area and information about suggested channels to use for:
    IEEE 802.11a - 5GHz (not tested)
    IEEE 802.11a/n - 5GHz 20Mhz channel width. (not tested).
    IEEE 802.11a/n - 5GHz 40Mhz channel width. (not tested).
    IEEE 802.11g - 2.4GHz (tested).
    IEEE 802.11g/n - 2.4GHz 20Mhz channel width. (tested).
    IEEE 802.11g/n - 2.4GHz 40Mhz channel width. (tested).
    o Wireless card's IEEE 802.11n capabilities and auto-usage in hostapd: (only when hostapd is selected).
    - Available Antenna(s).
    - Configured Antenna(s).
    - Supported channel width set (20Mhz/40Mhz).
    - LDPC coding capability.
    - Spatial Multiplexing (SM) Power Save.
    - HT-Greenfield.
    - SGI-Short Guard Interval for 20 MHz.
    - SGI-Short Guard Interval for 40 MHz.
    - Tx STBC-Space–Time Block Codes.
    - Tx Max spatial streams.
    - Rx STBC-Space–Time Block Codes. (One, two or three Spatial streams.)
    - Maximum A-MSDU length.
    - DSSS/CCK Mode in 40 MHz.
    - HT TX/RX MCS rate indexes supported.
    o Ability to set/change Encryption:
    - For airbase-ng based Soft AP:
    OPEN no encryption.
    WEP (ASCII password 40bits or 104bits).
    WEP (HEX password 40bits or 104bits).
    - For hostapd based Soft AP:
    OPEN no encryption.
    WEP (ASCII password 40bits or 104bits).
    WEP (HEX password 40bits or 104bits).
    WPA2 pre shared key. (8 to 32 characters long)
    When WPA2 encryption is selected you will have the ability to:
    - enable/disable Wi-Fi protected setup (WPS).
    - set WPS pin.
    o Free Disk Space and free RAM Calculation for optimizing Squid3's functionality.
    o Ability to use alternative DNS servers. (I'm using OPEN DNS servers.)
    o Summary/information about Internet interface and the created Soft AP.
    o Kernel Entropy Pool Calculation. We make sure that hostapd will not run out of random numbers. We use the Haveged algorithm.
    o Real time reports about who visited what, and when, from our WLAN.
    o Detailed reports about who visited what and when, top sites, top sites/users etc. from our WLAN.
    o Information about which daemons/programs are running and which configuration files are used, and where.
    o Log files for almost all the modes.
    o Especially for mode 10, due to the massive number of log files, a search script (search.sh) will be created to help run search queries against sslsplit's log files.
    o Real time information about connected clients, Soft AP statistics and leases granted by the udhcp server (IPs offered to our clients).

    To be continued...
    Last edited by Nick_the_Greek; 2014-10-22 at 19:50. Reason: Github download
    Security always begins with personal responsibility. - quietman7
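The README above lists OPEN, WEP and WPA2-PSK, with WPS on or off and a settable WPS PIN, as the encryption choices for a hostapd based Soft AP. As an added example (not code from Aerial or from hostapd), here is a small Python audit that reads a hostapd.conf and flags those weak choices, plus short passphrases and repeated keys (the hostapd.conf shown later in this thread has macaddr_acl twice). The sample configurations are constructed for the demonstration, and the 12-character passphrase threshold is this example's own policy, not hostapd's.

```python
"""Audit a hostapd.conf for weak soft-AP settings.
Added example, not code from Aerial or hostapd. The sample
configurations below are constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass

WEP_KEY_RE = re.compile(r"^wep_key[0-3]$")


@dataclass(frozen=True)
class Finding:
    severity: str  # HIGH, MEDIUM, LOW or INFO
    key: str       # hostapd configuration key the finding refers to
    message: str


def parse_hostapd_conf(text: str) -> dict[str, list[str]]:
    """Parse 'key=value' lines; hostapd skips blank lines and '#' comments.
    Every value seen for a key is kept so repeated keys can be reported."""
    conf: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf.setdefault(key.strip(), []).append(value.strip())
    return conf


def audit_hostapd_conf(text: str) -> list[Finding]:
    """Return the weak settings found in a hostapd.conf text."""
    conf = parse_hostapd_conf(text)

    def last(key: str, default: str | None = None) -> str | None:
        # hostapd applies the last occurrence of a repeated key.
        return conf[key][-1] if key in conf else default

    findings: list[Finding] = []
    wpa = last("wpa", "0")  # hostapd default: no WPA/WPA2 at all
    wep_keys = sorted(k for k in conf if WEP_KEY_RE.match(k))

    if wep_keys:
        findings.append(Finding("HIGH", wep_keys[0], "WEP keys configured; WEP offers no real confidentiality"))
    elif wpa == "0":
        findings.append(Finding("HIGH", "wpa", "open network (wpa=0, no WEP): all traffic is in the clear"))

    passphrase = last("wpa_passphrase")
    if passphrase is not None:
        if len(passphrase) < 8:
            findings.append(Finding("HIGH", "wpa_passphrase", "under 8 characters; hostapd rejects this"))
        elif len(passphrase) < 12:  # 12 is this example's own policy threshold
            findings.append(Finding("LOW", "wpa_passphrase", "short passphrase; prefer 12 or more characters"))

    # wps_state: 0 = disabled, 1 = not configured, 2 = configured.
    if last("wps_state", "0") != "0":
        findings.append(Finding("MEDIUM", "wps_state", "WPS enabled; disable it unless really needed"))
    if last("ap_pin") is not None:
        findings.append(Finding("HIGH", "ap_pin", "static WPS PIN set; PIN-based WPS is a known weak point"))

    for key, values in conf.items():
        if len(values) > 1:
            findings.append(Finding("INFO", key, f"repeated {len(values)} times; last value '{values[-1]}' wins"))
    return findings


# Constructed sample: WEP AP with macaddr_acl written twice.
WEP_CONF = """\
interface=wlan1
ssid=free
hw_mode=g
channel=01
macaddr_acl=0
wep_default_key=0
wep_key0=123456789A
macaddr_acl=0
"""

# Constructed sample: WPA2 with WPS on, a fixed PIN and a short passphrase.
WPS_CONF = """\
interface=wlan1
ssid=free
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=pass1234
wps_state=2
ap_pin=12345670
"""
```

Run `audit_hostapd_conf(open("Aerial/hostapd.conf").read())` after the script has generated its configuration; a list that comes back empty means WPA2-PSK with a passphrase of 12 or more characters, WPS off, no PIN and no repeated keys, which is the shape the WPS_CONF sample lacks.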

  2. #2
    Join Date: 2014-Jun | Location: Greece | Posts: 133
    Part 2

    Fourteen Access Point modes:
    =============================

    1. Simple WLAN - Clients can access Internet.
    Aerial will act as an Access Point. No interception, no nothing.

    2. Transparent HTTP Proxied WLAN Optimized for low Internet Speeds RTR*
    When low Internet speed is the case, this mode might be found useful. We are trying to achieve high "HIT" rates with Squid3. To achieve that, in some cases, we violate HTTP regulations.
    We keep cached files longer than we should. Of course this mode can also be used as a plain HTTP proxied WLAN. This is the only mode in which we cache files onto our disk (HDD/SSD).

    3. Airchat - Wireless Fun: Clients will chat with AP and each other.
    The clients of our WLAN will be forced to chat with our Soft AP and each other. They cannot access the Internet.

    4. TOR - Transparent anonymous Surfing - Deep Web access .onion sites.
    The clients of our WLAN will transparently and anonymously surf the web through the TOR network, and they can access .onion sites. DNS queries will also be passed through TOR. In this mode we also run ARM, a relay monitor program.

    5. I2P - Manual anonymous Surfing - Deep Web access .i2p sites
    The clients of our WLAN will manually and anonymously* surf the web and can access .i2p sites through the I2P network. This is the only NON transparent mode. You have to manually set your client's browser to use the HTTP and HTTPS proxy running on the Kali box. DNS requests will also pass through our Linux box, and as such we might have DNS leaks. Finally please keep in mind that the I2P network is extremely slow. Sometimes you have to let it run for an hour or more to be able to visit some pages.

    6. MiTM - Transparent SSLstripped WLAN (Sslstrip).
    The well-known sslstrip. The clients of our WLAN will transparently surf the web "sslstripped". For limitations see "Known bugs" below.

    7. MiTM - Transparent Proxied and SSLstripped WLAN (Squid3 <-> Sslstrip) RTR*
    Same as above, but in this mode we also transparently cache the visited pages with Squid3.

    8. MiTM - Flip, Blur, Swirl, ASCII, Tourette client's browser images RTR*
    8.1 Upside down images RTR*
    Your clients' browser (HTTP) images will be upside down.
    8.2 Blur images RTR*
    Your clients' browser (HTTP) images will be blurred.
    8.3 Swirl images RTR*
    Your clients' browser (HTTP) images will be swirled.
    8.4 ASCII Images RTR*
    Your clients' browser (HTTP) images will be converted into ASCII art.
    8.5 Tourette Images RTR*
    Your clients' browser (HTTP) images will have words added to them.

    9. MiTM - Forced downloading files RTR*
    Your clients will be forced to download our files. The clients will be transparently HTTP proxied, BUT they will be forced to download our test.(exe, zip, rar, doc, msi) whenever they ask to download ANY file from ANY HTTP site and that file matches one of the above extensions: *.exe *.zip *.rar *.doc *.msi. The script will then rename our test.* to the original filename and serve it back to the client. Only HTTP sites are affected. This mode has no effect on HTTPS sites.

    10. MiTM - Transparent and scalable SSL/TLS intercepted WLAN (SSLsplit).
    The clients of our WLAN will surf through our transparent and scalable SSL/TLS intercepted WLAN. The clients can surf the web while we transparently sniff:
    non-SSL traffic : HTTP and WhatsApp
    SSL-based traffic: HTTPS, SMTP over SSL and IMAP over SSL.
    SSLsplit is a generic transparent TLS/SSL proxy for performing man-in-the-middle attacks on all kinds of secure communication protocols. Using SSLsplit, you can intercept and save SSL-based traffic and thereby listen in on any secure connection.

    11. MiTM - Transparent HTTP(S) intercepted WLAN (mitmproxy).
    Almost the same as the above. The clients of our WLAN will surf through our transparent SSL/TLS intercepted WLAN. The main difference is that mitmproxy is an interactive console program that allows traffic flows to be inspected and edited on the fly. Only HTTP and HTTPS traffic is sniffed. No WhatsApp, no SMTP over SSL and no IMAP over SSL.

    12. MiTM - Honey Proxy - Transparent HTTP(S) intercepted WLAN.
    The same as the above. The clients of our WLAN will surf through our transparent SSL/TLS intercepted WLAN. In this mode we get transparent HTTP(S) WLAN traffic investigation and analysis. HoneyProxy is a lightweight man-in-the-middle proxy that helps you analyze HTTP(S) traffic flows. It is tailored to the needs of security researchers and allows both real-time and log analysis. It focuses on features that are useful in a forensic context and allows extended visualization capabilities.

    13. SiTM - Squid in The Middle - Transparent HTTP(S) proxied WLAN RTR*
    The clients of our WLAN will be transparently HTTP and HTTPS proxied.

    14. JiTM - JavaScript in The Middle - Java Code Inject RTR*
    Squid will inject into each JavaScript file passing through the proxy.
    You can inject:
    1. A simple script that injects an annoying alert with a message.
    2. A script that captures the submitted form content without being noticed by the user. (The submitted form must be in Java and it's not working quite well.)
    3. Your own JavaScript.

    (*RTR: Real Time Reports with SARG.)

    (1) Disable BSS neighbor check/force 40 MHz channels patch.

    By default Hostapd checks for overlapping channels with neighboring BSSs before enabling 40 MHz channels, as proposed by IEEE 802.11(a/g)n. This, however, might result in switching to 20 MHz channels in dense WLAN areas.
    Code:
    # hostapd -d /etc/hostapd/hostapd.conf
    40 MHz affected channel range: [2407,2457] MHz
    Neighboring BSS: 00:19:xx:xx:xx:xx freq=2412 pri=0 sec=0
    Neighboring BSS: 9c:c7:xx:xx:xx:xx freq=2412 pri=1 sec=0
    Neighboring BSS: 88:25:xx:xx:xx:xx freq=2412 pri=1 sec=5
    40 MHz pri/sec mismatch with BSS 88:25:xx:xx:xx:xx <2412,2432> (chan=1+) vs. <2442,2422>
    20/40 MHz operation not permitted on channel pri=7 sec=3 based on overlapping BSSes
    As a matter of fact hostapd acts as the regulations require, but most manufacturers do not perform that check and they broadcast with 40MHz channel width no matter what. With this patch we let hostapd do that check, but the results are ignored and we force hostapd to use 40MHz channel width.
    A working/forced example of 40MHz channel width:
    Code:
    # hostapd -d /etc/hostapd/hostapd.conf
    40 MHz affected channel range: [2407,2457] MHz
    Neighboring BSS: 00:19:xx:xx:xx:xx freq=2412 pri=0 sec=0
    Neighboring BSS: 9c:c7:xx:xx:xx:xx freq=2412 pri=1 sec=0
    Neighboring BSS: 88:25:xx:xx:xx:xx freq=2412 pri=1 sec=5
    40 MHz pri/sec mismatch with BSS 88:25:xx:xx:xx:xx <2412,2432> (chan=1+) vs. <2442,2422>
    20/40 MHz operation not permitted on channel pri=7 sec=3 based on overlapping BSSes
    DFS 0 channels required radar detection
    nl80211: Set freq 2442 (ht_enabled=1, vht_enabled=0, bandwidth=40 MHz, cf1=2422 MHz, cf2=0 MHz)
    HT40: control channel: 7  secondary channel: 3
    Completing interface initialization

    Known bugs

    - By default the script will install Squid3 v3.1.20 from the Kali repos. When mode 13 (Squid in the middle) is selected you will be prompted to uninstall Squid3 3.1.20 and install Squid3 v3.3.8 with SSL support (supplied with my bz2 file).

    Squid3 3.1.20 and Squid3 3.3.8 cannot co-exist. They are incompatible.

    Unfortunately when Squid3 3.3.8 is installed, mode 8 (Flip, Blur, Swirl etc.) and the sub-menu for mode 8 will be dead.

    I couldn't find a way to make g0tmilk's scripts work with Squid3 3.3.8. So, you will be prompted again to uninstall Squid3 3.3.8 and install Squid3 3.1.20 again. If you have an idea how to make g0tmilk's scripts work with Squid3 3.3.8 please let me know. This install/uninstall process is very annoying.

    - In modes 6 & 7, where sslstrip is used, it's very common to encounter corrupt or broken HTTPS sites. This has nothing to do with the script. Sslstrip doesn't work if:
    - The client requests an address with HTTPS directly, e.g. HTTPS://www.example.com
    - The web site supports HSTS, which forces a browser to solely interact with the server using HTTPS.
    - The client is a smart-phone AND the user uses an app (apps like Gmail, Facebook etc. work only with HTTPS).
    Credits to repzeroworld (Kali Forums) for clarifying to me how sslstrip works.

    Tested

    - Script running on:
    Kali Linux 1.0.6 (x32 x64).
    Kali Linux 1.0.7 (x32 x64).
    Kali Linux 1.0.8 (x32 x64).
    Kali Linux 1.0.9 (x32 x64).
    BackTrack 5R3 (x32 x64) some modes are working.

    - Wireless NICs:
    rt2800 pci-e - AP and monitor mode supported.
    rt2800 usb - AP and monitor mode supported.
    ath5k pci - AP and monitor mode supported.
    zd1211rw usb - AP and monitor mode supported.
    ar9271 (ALFA AWUS036NHA) - AP and monitor mode supported. (report from nifty nerd)

    - Clients:
    Kali Linux 1.0.x (x32 x64).
    Windows 8.0 32bit.
    Windows 8.0 64bit.
    Windows 8.1 64bit.
    Android 4.x devices.

    The Latest Version

    Details of the latest version can be found here on the Kali forums

    Documentation

    No documentation available yet. Only this README file.

    Licensing

    Please see the file called COPYING.

    Credits

    To my mentor: Gitsnik

    Feedback is welcomed warmly.

    Enjoy!

    Nick_the_Greek

    PS If someone was able to successfully set up a 5GHz Soft AP, then please let me know. The code is there but I wasn't able to set it up due to lack of the hardware.
    Last edited by Nick_the_Greek; 2014-10-16 at 17:31. Reason: Typos
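The "Known bugs" section above notes that sslstrip fails against sites that support HSTS, because the browser then refuses to talk plain HTTP to that host. As an added example (not code from Aerial, sslstrip or any browser), the Python below parses the Strict-Transport-Security header out of a raw HTTP response following the RFC 6797 rules (max-age required and possibly quoted, includeSubDomains and preload flags, a repeated directive invalidates the field, only the first field is processed) and reports whether a client that has already stored the policy will refuse plain HTTP. The responses are constructed samples.

```python
"""Evaluate the HSTS policy carried by an HTTP response (RFC 6797).
Added example, not code from Aerial, sslstrip or any browser.
The responses below are constructed samples."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class HstsPolicy:
    max_age: int            # seconds the client must keep using HTTPS
    include_subdomains: bool
    preload: bool


def split_headers(raw: str) -> dict[str, list[str]]:
    """Map lower-cased header names to their values from a raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: dict[str, list[str]] = {}
    for line in head.split("\r\n")[1:]:  # element 0 is the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def parse_hsts(value: str) -> HstsPolicy | None:
    """Parse one Strict-Transport-Security field value.
    Returns None when the value is invalid: max-age missing or not a
    number, or any directive repeated. Unknown directives are ignored."""
    seen: set[str] = set()
    max_age: int | None = None
    include_subdomains = preload = False
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        arg = arg.strip().strip('"')         # delta-seconds may be a quoted-string
        if name in seen:
            return None
        seen.add(name)
        if name == "max-age":
            if not arg.isdigit():
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


def hsts_verdict(raw_response: str) -> str:
    """'enforced', 'expired' (max-age=0 clears a stored policy),
    'invalid' or 'absent'. Only the first STS field is processed,
    as RFC 6797 requires when several are present."""
    values = split_headers(raw_response).get("strict-transport-security")
    if not values:
        return "absent"
    policy = parse_hsts(values[0])
    if policy is None:
        return "invalid"
    return "expired" if policy.max_age == 0 else "enforced"


# Constructed sample responses.
ENFORCED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n"
            "\r\n<html></html>")
ABSENT = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
CLEARED = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=0\r\n\r\n"
INVALID = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: includeSubDomains\r\n\r\n"

if __name__ == "__main__":
    for label, resp in (("enforced", ENFORCED), ("absent", ABSENT),
                        ("cleared", CLEARED), ("invalid", INVALID)):
        print(f"{label:9} -> {hsts_verdict(resp)}")
```

Two things the verdict cannot see from the response alone: a user agent only stores the header when it arrived over TLS without certificate errors, and a host the client has never reached over HTTPS has no stored policy yet, so it is only covered if it is on the browser's preload list. That first-visit window is where the downgrade the post describes is still possible.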

  3. #3
    Join Date: 2013-Mar | Location: milano | Posts: 301
    Hi all, as always many thanks for sharing with the community!!!!

  4. #4
    Join Date: 2014-Jun | Location: Greece | Posts: 133
    Quote Originally Posted by zimmaro:
    Hi all, as always many thanks for sharing with the community!!!!
    Hey my friend zimmaro!
    Linux and sharing are the same thing, at least in my head.

    What do you think about Aerial? Did you try it?
    It might look a little bit complicated (from the description in this thread) but I think it's a very easy to use script.

    Do you mind if I ask which wireless NIC you use and whether the hostapd based rogue access point works well? Stable, fast etc.
    (if your card supports AP mode).

    The strange thing is that I have almost 100 downloads and no feedback yet. Maybe it's working quite well or .........it's not working at all
    Time will tell.

  5. #5
    Join Date: 2013-Mar | Location: milano | Posts: 301

    Quote Originally Posted by Nick_the_Greek:
    Hey my friend zimmaro!
    Linux and sharing are the same thing, at least in my head.

    What do you think about Aerial? Did you try it?
    It might look a little bit complicated (from the description in this thread) but I think it's a very easy to use script.

    Do you mind if I ask which wireless NIC you use and whether the hostapd based rogue access point works well? Stable, fast etc.
    (if your card supports AP mode).

    The strange thing is that I have almost 100 downloads and no feedback yet. Maybe it's working quite well or .........it's not working at all
    Time will tell.
    Dear Nick, I downloaded and installed your script ... but I have not had time to test it ... it's a very bad period for me!! Last week some bastard thieves BROKE INTO my house and stole 2 cars (mine & my wife's). I am '**** ... and I'm in the middle of the insurance bureaucracy!!! As soon as I open and free my mind (a little) .. I swear I'll test your work. Thanks ..... My friend!!!!!!! Sorry for my English.

  6. #6
    Join Date: 2014-Jun | Location: Greece | Posts: 133
    I'm very sorry to hear that. I really hope the bureaucracy thing gets solved as soon as possible. I know very well about bureaucracy. I live in Greece and it's a nightmare.
    As for my script....no worries. I will wait for your feedback and if you want any help I will be here to assist you.
    Sorry for my English, also. lol.

    Have a good day my friend zimmaro!

  7. #7
    Join Date: 2013-Mar | Location: milano | Posts: 301

    Quote Originally Posted by Nick_the_Greek:
    I'm very sorry to hear that. I really hope the bureaucracy thing gets solved as soon as possible. I know very well about bureaucracy. I live in Greece and it's a nightmare.
    As for my script....no worries. I will wait for your feedback and if you want any help I will be here to assist you.
    Sorry for my English, also. lol.

    Have a good day my friend zimmaro!
    Hi Nick,
    this morning (having 5 minutes free)
    a major premise must be made (I have no technical skills and experience):
    I tried to start the script, but it always stops on "waiting to connect to the internet", both with the hostapd and the airbase-ng method.
    In reality the connection is already done with eth0 or wlanx.
    In my Kali VMs I use (and need for my experiments) 2 clients for networking (wicd & gnome default); is the problem related to that?
    Sorry for my ignorance & thanks
    http://www.imagestime.com/show.php/9...ttura.PNG.html
    test with eth0, alfa36h && alfa 36nh
    thanks again

  8. #8
    Join Date: 2014-Jun | Location: Greece | Posts: 133
    Quote Originally Posted by zimmaro:
    ....(wicd & gnome-default) is the problem related to it? ....

    Hi zimmaro and thank you for your precious time and screenshots.
    Yes I believe so. I use neither wicd nor VMs.
    I just uploaded a new version Aerial_0.14.0.9 with some fixes.
    Please download it (from the 1st post) and run this one.
    This is from changelog file:
    Aerial (0.14.0.9) UNRELEASED; urgency=low

    * Fixed colored dialogs in Kali Linux, thanx
    to dataghost.
    * Added forgotten wireless interface down when airbase-ng
    is used, thanx to dataghost.
    * Removed the "waiting to connected to Internet" routine
    and replaced with simple sleep command, thanx to zimmaro.
    * Added correct links in README file.
    * Added credits to zimmaro and dataghost in README file.

    -- Nick_the_Greek <hidden> Tue, 09 Oct 2014 22:51:34 +0000
    Unfortunately I haven't tested it in VMs and I don't know yet how it reacts in that environment. I will do that since many people are running Kali in VMs. Can you please give the output of the following command?
    Code:
    nmcli dev status
    Thank you again!
    Last edited by Nick_the_Greek; 2014-10-09 at 20:24.

  9. #9
    dataghost Guest
    Hey Nick, did you see my post about Aerial? I was wondering if you could give me further direction on why I can not connect to the fake AP on both hostap and softap with airbase. Thanks again.

  10. #10
    Join Date: 2014-Jun | Location: Greece | Posts: 133
    Quote Originally Posted by dataghost:
    Hello Nick, when running the script I get a lot of jumbled writing, see below

    033[1;34mI n t e r n e t a n d W i r e l e s s i n t e r f a c e s :033[1;37m

    033[1;34mInternet Interface033[1;37m


    Please have in mind that if you DON'T want to be prompted every time for your Internet
    and wireless interfaces you can set \033[1;31mINET_WIRELESS_PROMPT yes\033[1;37m to \033[1;32mINET_WIRELESS_PROMPT no\033[1;37m
    in \033[1;32m/root/Aerial/aerial.conf\033[1;37m file

    You're currently using:
    Internet through : \033[1;32mwlan0 - pci:ath9k\033[1;37m

    Enter the name of the interface that you are
    connected to the Internet, [e.g.\033[1;31mppp0\033[1;37m,\033[1;31meth0\033[1;37m,\033[1;31mwlan0\033[1;37m ]
    Press ENTER for current (\033[1;32mwlan0\033[1;37m):

    There are a lot of settings; what would you like me to try for an attack in the menu (1-14 I believe)? I tried sslsplit and no internet was provided.

    I will try some others. I still get the txpower issue when I ran the Kali version of 911_ap, fake ap. I didn't seem to lose internet access though; I will test further.

    Also, is there a clean way to shut the script down to clean up?
    The jumbled writing is the colors. Some colors, huh! lol
    I presume that you have run the script by:
    Code:
    ./Aerial.sh
    and not
    Code:
    sh Aerial.sh
    Anyway I made some changes and uploaded a new version, Aerial_0.14.0.9. Please try that.
    For now, the only clean way to shut the script down is to re-run the script and stop it with control+c when you are prompted for the Internet interface. Every time you run the script, it will stop/kill any processes that were invoked by it.


    Quote Originally Posted by dataghost:
    Hi Nick

    Update - I have tried MITMproxy, sslsplit, and sslstrip. I have tried both softap airbase and hostap; I have never heard of hostap so I am not sure exactly how it works. No matter what I am getting the channel -1 error; when I make a fake AP using Kali normally I don't get that, at worst I run ifconfig wlanX down and it's fine. Any ideas why this is happening and why I can not connect to the fake AP I am creating? It tries to connect but it can't. I am not using a 64 bit system, it's 32. I'll check back today, I hope I hear back. Thanks again Nick!!
    About hostap:
    http://en.wikipedia.org/wiki/Hostapd
    and home page:
    http://w1.fi/hostapd/
    In free translation it's a viagra powered airbase-ng (lol). It's an advanced way to create a virtual access point. More stable, faster and much more configurable than airbase-ng.
    As for the God **** negative channel, I included a line in the new v 0.14.0.9, "ifconfig wlanx down", before starting airbase-ng, so you should be fine with that. Thank you for reminding me of that.

    For a hostapd based AP you must see at the page:
    H o s t a p d - A i r b a s e - n g - M E N U:


    You have a usb:rt2800usb wireless NIC, which it looks like it:

    CAN support Access Point mode (hostapd compatible):

    Hostapd mode : Status
    IEEE 802.11a 5GHz : Not supported
    IEEE 802.11g 2.4GHz : Supported
    IEEE 802.11n HT : Supported


    CAN support monitor mode (airbase-ng compatible):

    Airbase-ng mode : Status
    IEEE 802.11a 5GHz : Not supported
    IEEE 802.11g 2.4GHz : Supported

    Either way you have two options to try, for the creation of the SoftAP

    1. Hostapd based SoftAP
    2. Airbase-ng based SoftAP

    Supported drivers: http://wireless.kernel.org/en/users/Drivers
    Please enter your choice ( 1 - 2 ):
    The above tells us that the wireless NIC that I have chosen for the creation of the Soft AP can be used with hostapd, in the 2.4 GHz band (channels 1-13), and that it supports high throughput 802.11n HT.
    If you see:
    CAN NOT support Access Point mode (hostapd compatible):
    then the script will still let you choose: 1. Hostapd based SoftAP, but most probably you will not be able to create a hostapd based soft AP.

  11. #11
    dataghost Guest
    Thanks for the reply Nick, I will re-download and try the script again. Thanks for the clarification. As for the color issues, ./ is what I was doing and it didn't work; sh actually is what made it work lol

  12. #12
    dataghost Guest
    Hey Nick, no matter what I do, I am unable to connect to the softap. I can create a normal fake AP manually and connect and sslstrip etc. On the script I also just tried the number 1 option for just wifi and no dice. Any ideas? I tried using eth0 and wlan0 both as the main internet connection.

  13. #13
    Join Date: 2014-Jun | Location: Greece | Posts: 133
    Quote Originally Posted by dataghost:
    Hey Nick, no matter what I do, I am unable to connect to the softap. I can create a normal fake AP manually and connect and sslstrip etc. On the script I also just tried the number 1 option for just wifi and no dice. Any ideas? I tried using eth0 and wlan0 both as the main internet connection.
    Hi dataghost,
    Thank you for your reply and for your time.
    Are you running Kali as a VM or live/hdd?
    Are you using Gnome/KDE?
    What wireless NIC are you using? Does it support AP mode?
    If you selected to create a hostapd based softAP, is hostapd running?
    Try with:
    Code:
    pidof hostapd
    if you get a number as output then hostapd is running.
    If not, then go to the Aerial folder and run hostapd manually with debug enabled and please give me the output:
    Code:
    cd Aerial
    hostapd -d hostapd.conf
    just make sure hostapd.conf is present in the Aerial folder; for that, Aerial.sh must have been run at least once and you must have selected to create a hostapd based AP. It should look like this:
    Code:
    # Interface, driver,essid,IEEE 802.11 mode,channel.
    interface=wlan1
    driver=nl80211
    ssid=free
    hw_mode=g
    channel=01
    
    #IEEE 802.11 related configuration
    macaddr_acl=0
    beacon_int=100
    dtim_period=2
    max_num_sta=20
    rts_threshold=2347
    fragm_threshold=2346
    ignore_broadcast_ssid=0
    macaddr_acl=0
    
    # Enable IEEE 802.11d. This advertises the country_code and the set of allowed
    # channels and transmit power levels based on the regulatory limits.
    country_code=GR
    ieee80211d=1
    #ieee80211h=1
    
    # IEEE 802.11n related configuration
    ieee80211n=0
    
    # The following will be replaced by the script with the corresponding 
    # values depending on your wireless NIC
    #ht_capab=
    
    # Event logger configuration
    logger_syslog=-1
    logger_syslog_level=2
    logger_stdout=-1
    logger_stdout_level=2
    
    ctrl_interface_group=0
    ctrl_interface=/var/run/hostapd
    
    # TX queue parameters (EDCF / bursting)
    
    # Low priority / AC_BK = background
    tx_queue_data3_aifs=7
    tx_queue_data3_cwmin=15
    tx_queue_data3_cwmax=1023
    tx_queue_data3_burst=0
    
    # Normal priority / AC_BE = best effort
    tx_queue_data2_aifs=3
    tx_queue_data2_cwmin=15
    tx_queue_data2_cwmax=63
    tx_queue_data2_burst=0
    
    # High priority / AC_VI = video
    tx_queue_data1_aifs=1
    tx_queue_data1_cwmin=7
    tx_queue_data1_cwmax=15
    tx_queue_data1_burst=3.0
    
    # Highest priority / AC_VO = voice
    tx_queue_data0_aifs=1
    tx_queue_data0_cwmin=3
    tx_queue_data0_cwmax=7
    tx_queue_data0_burst=1.5
    
    # Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e):
    wmm_enabled=1
    # Low priority / AC_BK = background
    wmm_ac_bk_cwmin=4
    wmm_ac_bk_cwmax=10
    wmm_ac_bk_aifs=7
    wmm_ac_bk_txop_limit=0
    wmm_ac_bk_acm=0
    # Normal priority / AC_BE = best effort
    wmm_ac_be_aifs=3
    wmm_ac_be_cwmin=4
    wmm_ac_be_cwmax=10
    wmm_ac_be_txop_limit=0
    wmm_ac_be_acm=0
    # High priority / AC_VI = video
    wmm_ac_vi_aifs=2
    wmm_ac_vi_cwmin=3
    wmm_ac_vi_cwmax=4
    wmm_ac_vi_txop_limit=94
    wmm_ac_vi_acm=0
    # Highest priority / AC_VO = voice
    wmm_ac_vo_aifs=2
    wmm_ac_vo_cwmin=2
    wmm_ac_vo_cwmax=3
    wmm_ac_vo_txop_limit=47
    wmm_ac_vo_acm=0
    
    # WPA/IEEE 802.11i configuration
    auth_algs=1
    wpa_psk_file=/etc/hostapd.psk
    wpa=2
    wpa_passphrase=asedrftgyhujik
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=CCMP
    rsn_pairwise=CCMP
    wpa_ptk_rekey=3600
    eap_server=1
    please copy-paste here your hostapd.conf file.

    Try to see if udhcpd is running:
    Code:
    pidof udhcpd
    If not, please copy-paste your udhcpd.conf file here. It is located at /etc/udhcpd.conf

    Try to see if dnsmasq is running:
    Code:
    pidof dnsmasq
    If not, please copy-paste your dnsmasq.conf file here. It is located at ../Aerial/dnsmasq.conf

    If you select an airbase-ng based softAP, open the Aerial.conf file ../Aerial/aerial.conf
    and set Nbpps_USE from yes to no:
    Code:
    # If set to "yes" (without double quotes) nbpps (number of packets per second) 
    # and MTU (maximum transmission unit) will be used in airbase-ng based softAP. 
    # Nbpps's default value is 100. In my cards i've seen differences up to 300 
    # to 400 values. You can "play" with nbpps values and run some tests to find 
    # the optimum value for you card.  If you're having troubles, set it to 100.
    # Default values: yes nbpps: 300 and MTU: 1500
    Nbpps_USE yes
    Nbpps_VALUE 300
    MTU_MON 1500
    to:
    Code:
    Nbpps_USE no
    When it is set to "yes", airbase-ng will try to inject 300 packets/second. When it is set to "no" it will use the default value: 100.
    And if it's no trouble, copy-paste your aerial.conf file here.
    Look at the /etc/network/interfaces file. You should see something like:
    Code:
    auto lo
    iface lo inet loopback
    iface wlanX inet manual
    wlanX is the wireless interface that you have selected to create the softAP. If that line isn't present, add it yourself, save the file and run:
    Code:
    service network-manager stop
    service networking stop
    service networking start
    service network-manager start
    and re-run the script.
    I suggest you try to create a hostapd based soft AP, set a free channel, no high throughput, set CRDA, no encryption (OPEN) and mode 1 (just Internet access).
    Finally please copy-paste here the last page you're getting from Aerial.sh. It should look like this:
    Internet interface - Gateway - IP - DNS servers
    Internet Interface : wlan3 - usb:rt2800usb
    Internet Gateway : 192.168.1.1
    Internet IP : 192.168.1.5
    Primary DNS server : 192.168.1.1
    Secondary DNS server : 208.67.222.222

    Software Access Point options
    Wireless NIC : wlan0 - pci:rt2800pci
    Gateway : 192.168.60.129
    Clients IPs : 192.168.60.130 - 192.168.60.150
    ESSID : free
    MAC address : xx:xx:xx:xx:xx:xx
    CRDA country : GR
    Channel : 1
    Based on : Hostapd
    IEEE 802.11 standard : g 2.4GHz
    Encryption : OPEN
    Mode : Simple - Clients can access directly the Internet.

    If none of them is working, try with a different wireless NIC or try to run it in a live session.
    I suspect that VMs work differently from live/hdd sessions. I will look into that.
    I know that I'm asking too much from you, but I'm not in a rush. Try them when you have time.
    Thank you dataghost!
    Last edited by Nick_the_Greek; 2014-10-20 at 19:47.
    Security always begins with personal responsibility. - quietman7

  14. #14
    Join Date
    2013-Mar
    Location
    milano
    Posts
    301
    Quote Originally Posted by Nick_the_Greek View Post
    Hi zimmaro and thank you for your precious time and screenshots.
    Yes I believe so. I don't use wicd nor VMs.
    I just uploaded a new version Aerial_0.14.0.9 with some fixes.
    Please download it (from the 1st post) and run this one.
    This is from changelog file:


    Unfortunately I haven't tested it in VMs and I don't know yet how it reacts in that environment. I will do that since many people are running Kali in VMs. Can you please give the output of the following command?
    Code:
    nmcli dev status
    Thank you again!

    hi nick
    new version started well in my vm's .....no block on connection-time.....now waiting ...for my-test-TIME
    thanks for your hard work
    PS result of nmcli dev status
    http://www.imagestime.com/show.php/9...nick1.PNG.html

  15. #15
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    Hi zimmaro!
    Now I get why it was stuck in "waiting to connect". The script was expecting the word "connected" in the nmcli dev status command and not "collegato". lol It's a locales thing then. I will leave the script that way. I didn't imagine that someone may use a different language for Kali.

    Thank you for your reply my friend.
    Security always begins with personal responsibility. - quietman7

  16. #16
    dataghost Guest
    Hey Nick, I will give that stuff a try in a bit. I am not using a VM, I am using Kali 1.0.9 based on jessie. No hostapd window showed up; I never checked the PID, I will though. I'm using ethernet for internet and for the wireless card I'm using rt2800usb; ath5k didn't work either. I will go over the steps you showed and see if I can fix it perhaps. Thanks again.

  17. #17
    dataghost Guest
    Hi Nick, Hostapd is running I have a pid for that, udhcpd, and for dnsmasq here is my udhcpd config

    start 192.168.60.130
    end 192.168.60.150
    interface wlan2
    lease_file /var/lib/misc/udhcpd.leases
    auto_time 120
    pidfile /var/run/udhcpd.pid
    option subnet 255.255.255.128
    opt router 192.168.60.129
    opt broadcast 192.168.60.255
    option dns 192.168.1.1, fda8:16c6:f01e::1
    option domain local
    option lease 864000
    Internet interface - Gateway - IP - DNS servers
    Internet Interface : eth0 - pci:atl1c
    Internet Gateway : 192.168.1.1
    Internet IP : 192.168.1.78
    Primary DNS server : 192.168.1.1
    Secondary DNS server : fda8:16c6:f01e::1

    Software Access Point options
    Wireless NIC : wlan2 - usb:rt2800usb
    Gateway : 192.168.60.129
    Clients IPs : 192.168.60.130 - 192.168.60.150
    ESSID : NETGEAR31
    MAC address : 00:e0:5c:30:e5:a4
    CRDA country : 00
    Channel : 09
    Based on : Hostapd
    IEEE 802.11 standard : g 2.4GHz
    Encryption : OPEN
    Mode : Simple - Clients can access directly the Internet.

    Hope this helps, thanks Nick

    Not sure if it matters but the only screen showing in this mode is the watch screen
    Last edited by dataghost; 2014-10-10 at 18:06. Reason: added info

  18. #18
    dataghost Guest
    I've made some progress, I'll report back

  19. #19
    dataghost Guest
    rt2800usb is the culprit, maybe a driver issue, a few others worked ok, any ideas on the rt2800usb?

  20. #20
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    Hi dataghost!

    I've made some progress too. I've run the script with Kali x32 and I noticed a weird thing, but first let me give some clarification about the script.

    As I said in the 1st post the script is mainly split in two major sections, apart from the download/install/backup etc. routines.

    1) The 1st one is how the Soft AP will be created and how it behaves.
    The 1st part is also split in two sub-sections:
    1.1) Airbase-ng based SoftAP.
    1.2) Hostapd based SoftAP.
    If we choose the airbase-ng method then we can use/set:
    5GHz channels or 2.4GHz channels, OPEN or WEP encryption.

    If we choose the hostapd method then we can set/use:
    5GHz channels, 2.4GHz channels, high throughput for the previous bands, OPEN, WEP or WPA2 encryption, and if we choose WPA2 encryption then we can activate WPS (Wi-Fi protected setup) if we want.

    2) The second section is how we handle the incoming and the outgoing traffic from and to the clients. Those are the 14 modes.

    The 1st section doesn't care about the 2nd and the second doesn't care about the 1st. With that I want to say that the method that we choose to create the softAP doesn't affect the 14 modes. The modes will work no matter what.

    Another thing that is crucial. If we choose the airbase-ng method with some interface (let's name it wlan0) then the script tries to exclude that interface from being controlled by network manager. I will explain that later. This is not crucial. Airbase-ng should start whether or not the script achieves that.
    What is crucial is when we choose the hostapd method. In this method the wlan0 interface MUST be excluded from being controlled by network manager. If you open your wireless connection in network manager you should see wlan0 as "Device not managed" and no wireless AP listed above it. If the interface (wlan0) continues to be managed by network manager, hostapd will never start.

    What I noticed today is that I ran the script in x32 Kali and, no matter what, the one wireless interface that I chose to create the SoftAP couldn't be un-managed by network manager. This is not happening in x64 and I'm not very sure yet what is causing that. There are 2 working methods to exclude a wireless interface from being controlled by network manager; I tried both and in x64 it works and in x32 it works only for one of the two installed wireless NICs. I will look into that.

    Back to your reply. Everything looks OK except the:
    Code:
    option dns 192.168.1.1, fda8:16c6:f01e::1
    and
    Secondary DNS server : fda8:16c6:f01e::1
    What is fda8:16c6:f01e::1? An IPv6 DNS server? Did you change the OpenDNS servers or is the script getting them from the resolv.conf file?
    Can you please look at /etc/resolv.conf?
    Let's "debug" line by line the last page you're getting from my script:
    Code:
    Internet Interface   : eth0 - pci:atl1c
    This is your internet interface a pci Ethernet atl1c NIC
    Code:
    Internet Gateway     : 192.168.1.1
    Your Internet Gateway from your router/LAN
    Code:
    Internet IP          : 192.168.1.78
    Your Internet IP
    Code:
    Primary DNS server   : 192.168.1.1
    The primary DNS server from your router/LAN
    Code:
    Secondary DNS server : fda8:16c6:f01e::1
    The secondary DNS server from your router/LAN

    Code:
              Software Access Point options
    Wireless NIC         : wlan2 - usb:rt2800usb
    This is your wireless interface that you have chosen to create the softAP. A USB, rt2800 based wireless NIC
    Code:
    Gateway              : 192.168.60.129
    The gateway for your clients
    Code:
    Clients IPs          : 192.168.60.130 - 192.168.60.150
    The IP range that your clients will get
    Code:
    ESSID                : NETGEAR31
    Your SoftAP's name
    Code:
    MAC address          : 00:e0:5c:30:e5:a4
    Your wireless NIC's MAC address (it looks like the real one. You didn't change that, I presume)
    Code:
    CRDA country         : 00

    "00" is the world regulatory domain. You should set that because when we select the hostapd method we advertise it to our clients and some clients need to know what country code the softAP is using. Please set it.

    Code:
    Channel              : 09
    The channel that the softAP is broadcasting
    Code:
    Based on             : Hostapd
    You chose the hostapd method
    Code:
    IEEE 802.11 standard : g 2.4GHz
    2.4GHz band. Usually you can choose channels from 1 to 13, and you chose not to use the high throughput capabilities of your card (IEEE 802.11g/n). You chose right. Let's keep it simple to see what is wrong.
    Code:
    Encryption           : OPEN
    No encryption. Everyone can join that softAP
    Code:
    Mode                 : Simple - Clients can access directly the Internet.
    And finally you chose mode 1. Just give Internet access.
    Not sure if it matters but the only screen showing in this mode is the watch screen
    In that mode we are monitoring, through the watch terminal, who is connected, at what speed/signal etc. and what IP they are getting from the udhcpd server. That's all for mode 1.

    Please do not misunderstand me. I don't explain this line by line for you. I know that most of it is understandable to you. I explained it for everyone who is reading this.
    I will wait for your findings!
    Last edited by Nick_the_Greek; 2014-10-20 at 19:50.
    Security always begins with personal responsibility. - quietman7
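An added example (not Aerial's own code) of the check described in this post: read `nmcli dev status` output and decide whether the interface chosen for the soft AP is still managed by NetworkManager, which would stop hostapd from starting, with the live wrapper running nmcli under LC_ALL=C so the translated-word problem from post #15 ("collegato" instead of "connected") cannot bite. The sample nmcli output is constructed; the assumed command form is `nmcli -t -f DEVICE,STATE dev status`.

```shell
#!/bin/sh
# Added example, not Aerial's own code: pre-flight check for the soft AP
# interface.  hostapd never starts while NetworkManager still manages the
# interface, and matching nmcli's words breaks on a localised Kali, so the
# live wrapper runs nmcli under LC_ALL=C.  The nmcli output below is a
# constructed sample; the assumed command is nmcli -t -f DEVICE,STATE dev status.
set -u

# Print the STATE of one device from terse nmcli output ("DEVICE:STATE" per
# line) read on stdin.  Exit 1 when the device is not listed at all.
device_state() {
    awk -F: -v dev="$1" '$1 == dev { print $2; found = 1 }
                         END { exit (found ? 0 : 1) }'
}

# Judge the interface meant for the soft AP, reading nmcli output on stdin.
# Exit codes: 0 = unmanaged (hostapd can take it), 1 = NetworkManager still
# manages it, 2 = nmcli does not list it (NIC or driver problem, like the
# rt2800usb case in this thread).
softap_preflight() {
    dev="$1"
    state=$(device_state "$dev") || {
        echo "$dev: not listed by nmcli; check dmesg and that the NIC is present" >&2
        return 2
    }
    case "$state" in
        unmanaged)
            echo "$dev: not managed by NetworkManager, hostapd can use it"
            return 0 ;;
        *)
            echo "$dev: state '$state', NetworkManager still manages it" >&2
            echo "add 'iface $dev inet manual' to /etc/network/interfaces, then" >&2
            echo "restart networking and network-manager as described in the thread" >&2
            return 1 ;;
    esac
}

# Live check: LC_ALL=C keeps nmcli's state words in English so the match
# above does not depend on the Kali locale.
check_live_iface() {
    LC_ALL=C nmcli -t -f DEVICE,STATE dev status | softap_preflight "$1"
}

# Constructed sample of terse nmcli output for the demonstration below.
SAMPLE_NMCLI='eth0:connected
wlan0:unmanaged
wlan2:disconnected'

printf '%s\n' "$SAMPLE_NMCLI" | softap_preflight wlan0          # usable
printf '%s\n' "$SAMPLE_NMCLI" | softap_preflight wlan2 || :     # still managed
printf '%s\n' "$SAMPLE_NMCLI" | softap_preflight wlan9 || :     # not listed

# Stand-alone use on a real box:  sh preflight.sh wlan1
[ $# -ge 1 ] && check_live_iface "$1" || :
```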

  21. #21
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    Quote Originally Posted by dataghost View Post
    rt2800usb is the culprit, maybe a driver issue, a few others worked ok, any ideas on the rt2800usb?
    We are writing at the same time!
    You could try to use airbase-ng based softAP if monitor mode/injection is working fine.
    if it's not working well "play" with Nbpps_VALUE in aerial.conf file. The default value for airbase-ng is 100
    Code:
    Nbpps_USE yes
    Nbpps_VALUE 100
    lower that value to 100 and see what is going on.

    See your dmesg output and
    /var/log/syslog file to see what is happening.

    Run the script and, if hostapd is running as you said, kill hostapd and run it manually with debug enabled.
    Code:
    kill "`pidof hostapd`"
    then go to Aerial folder and run hostapd
    Code:
    cd Aerial
    hostapd -d hostapd.conf
    or, for even more debug output:
    Code:
    hostapd -dd hostapd.conf
    If you're having trouble understanding the output, copy/paste it here or even better at http://pastebin.com/ and give the links.

    The most suitable solution is to find another wireless NIC that supports AP mode. For compatible drivers/NICs please look here:
    http://wireless.kernel.org/en/users/Drivers
    and sort them by choosing AP to yes.
    You said a "few others worked ok". I don't get that. What is working OK?
    Security always begins with personal responsibility. - quietman7

  22. #22
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    Script updated to version 0.14.1.0 (see first thread)
    From CHANGELOG file:
    Code:
    Aerial (0.14.1.0) UNRELEASED; urgency=low
    
      * Fixed/changed the way we check Internet connectivity.
      * Some nmcli's words will displayed in Kali's native language.
    
     -- Nick_the_Greek <hidden>  Sat, 11 Oct 2014 21:34:05 +0000
    Security always begins with personal responsibility. - quietman7

  23. #23
    Join Date
    2014-Sep
    Posts
    4
    Hi, thanks for this awesome script. Finally got time to test it.
    So far I just tried flipping the images, it didn't work.
    Will try again and keep you updated.
    Also DHCP leases took some time. Seems reasonable I think, around 3-4 minutes.

  24. #24
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    Quote Originally Posted by nifty nerd View Post
    Hi, thanks for this awesome script. Finally got time to test it.
    So far I just tried flipping the images, it didn't work.
    Will try again and keep you updated.
    Also DHCP leases took some time. Seems reasonable I think, around 3-4 minutes.
    Hi nifty nerd!
    To get your images flipped you have to clear your browser's cache (in your clients).
    Every time you change from one mode to another and you visit with your client the same webpage over and over again, you have to clear your client's browser cache because the images are already stored in that cache. You should get a message of that kind in the script.

    And yes it's quite normal to get DHCP leases (in the "watch" information terminal) in 3-4 minutes. It's not a script-related problem. That's the way dumpleases works.

    BTW are you able to get a hostapd based AP? Which wireless NIC are you using? It's stable/fast enough? Too many questions?
    Last edited by Nick_the_Greek; 2014-10-13 at 18:31. Reason: Better explained.
    Security always begins with personal responsibility. - quietman7

  25. #25
    Join Date
    2014-Sep
    Posts
    4
    Quote Originally Posted by Nick_the_Greek View Post
    Hi nifty nerd!
    To get your images flipped you have to clear your browser's cache (in your clients).
    Every time you change from one mode to another and you visit with your client the same webpage over and over again, you have to clear your client's browser cache because the images are already stored in that cache. You should get a message of that kind in the script.

    And yes it's quite normal to get DHCP leases (in the "watch" information terminal) in 3-4 minutes. It's not a script-related problem. That's the way dumpleases works.

    BTW are you able to get a hostapd based AP? Which wireless NIC are you using? It's stable/fast enough? Too many questions?
    Hi,
    Yes I'm able to get the hostapd based AP to work. For some reason it didn't work before. But I was too busy to find out why. With the latest version it works straight off.
    Also I'm using an ALFA AWUS036NHA (AR9271 chipset) and an unknown NIC for internet (r8712u).
    It's stable and fast enough.

  26. #26
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    Quote Originally Posted by nifty nerd View Post
    Hi,
    Yes I'm able to get the hostapd based AP to work. For some reason it didn't work before. But I was too busy to find out why. With the latest version it works straight off.
    Also I'm using an ALFA AWUS036NHA (AR9271 chipset) and an unknown NIC for internet (r8712u).
    It's stable and fast enough.
    Hi nifty nerd and thank you for your feedback.
    If you have any problems or something needs clarification/more information please let me know.
    Have a nice day!

    PS As I've seen with AR9271 based NICs, AP mode works only with up to 7 stations due to a firmware limitation.
    You can take a look here:
    http://wireless.kernel.org/en/users/Drivers/ath9k_htc
    Last edited by Nick_the_Greek; 2014-10-14 at 06:51. Reason: AR9271 limitation
    Security always begins with personal responsibility. - quietman7

  27. #27
    dataghost Guest
    Hey Nick, I will have some time today, I will test further. The airbase soft AP worked fine; the issue was the wireless card, it's the rt2800usb driver but it will not work at all for hostapd. Other wireless dongles I tried worked well for me. Thanks and I will touch base again.

  28. #28
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    Quote Originally Posted by dataghost View Post
    Hey Nick, I will have some time today, I will test further. The airbase soft AP worked fine; the issue was the wireless card, it's the rt2800usb driver but it will not work at all for hostapd. Other wireless dongles I tried worked well for me. Thanks and I will touch base again.
    Hey my friend dataghost!

    My rt2800usb based card has a Ralink RT5370 chipset. With that card I'm able to set up a hostapd based soft AP with maximum 150Mbit/s since it supports only 1 spatial stream and short GI for 40MHz channel width.

    So, at some moments I could get the maximum theoretical throughput. It's not that stable and I'm getting a lot of errors, but the clients are able to connect and I'm able to run all the modes without problems.

    I'm looking forward to your feedback.

    BTW if you're interested in getting a transparent SSL/TLS intercepted wireless LAN, run mode 10, the sslsplit based mode. It's by far more accurate/fast and stable than the others, but of course you have to install the appropriate CA certificate on your clients if you don't want to get any warnings in their browsers.
    Last edited by Nick_the_Greek; 2014-10-14 at 17:03.
    Security always begins with personal responsibility. - quietman7

  29. #29
    Join Date
    2014-Sep
    Posts
    4
    Yes this script is something, thumbs up to you Nick.
    Though i was wondering, if there is a way to limit bandwidth for each client?
    Perhaps something to add on your next update?

    Anyway, from the previous comment, how would I go about installing the CA certificate?
    Thanks.

  30. #30
    Join Date
    2014-Oct
    Posts
    1
    Hey Nick,

    first of all - AMAZING work you have done here. very easy for a noob like myself to use.

    I have a few questions:

    1. In option 10 you mentioned WhatsApp, is it possible to sniff WhatsApp messages? If so, how? I didn't understand how / what I should use.
    2. When using an iPhone device, I keep getting SSL cert messages (invalid cert showing nick the greek as issuer) - is this an issue or just something we have to live with?

    thank you !

  31. #31
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    Quote Originally Posted by nifty nerd View Post
    Yes this script is something, thumbs up to you Nick.
    Though i was wondering, if there is a way to limit bandwidth for each client?
    Perhaps something to add on your next update?

    Anyway, from the previous comment, how would I go about installing the CA certificate?
    Thanks.
    I haven't tried to limit bandwidth for each client and as far as I remember this cannot be done with hostapd, but we can limit the bandwidth of a certain interface, e.g. Internet or wireless. Some quick results are:
    http://unix.stackexchange.com/questi...ific-interface
    http://www.ubuntugeek.com/use-bandwi...ion-speed.html
    Since I started with Aerial my main concern was how to maximize client's bandwidth with soft AP. I will look for that (to limit bandwidth).

    As for the client's CA certificate:
    The first time that you run the script, it will generate a new RSA key and the CA certificate for the programs that need to do on-the-fly certificate signing (sslsplit, mitmproxy, honeyproxy and squid3 with ssl) and various versions of the same certificate for the clients. In short, we become a certificate anchor authority.

    So if you look into ../../Aerial/ folder you will see among others a "CA-certificates" folder ../../Aerial/CA-certificates/
    in that folder we are storing all the above (key, certificate for programs and for clients). In that folder you should also see a README file which explains everything: which file is used for what and needed for what.

    Three files are used by the above programs (sslsplit, mitmproxy etc.) to sign the certificates:
    Aerial-ca.key ( CA private key needed for Proxies : Squid in the Middle, SSLsplit.)
    Aerial-ca.crt ( CA certificate needed for Proxies : Squid in the Middle, SSLsplit.)
    Aerial-ca.pem ( CA private key and certificate in PEM format needed for Proxies : MiTMProxy, HoneyProxy.)
    Don't forget that the above key and certificate are used for ALL the modes that you choose. They are common to all of them.

    and the other three are for our clients:
    Aerial-ca-cert.pem ( CA certificate in PEM format needed for Clients: IOS,IOS Simulator,Firefox,Java,OSX,*nix systems.)
    Aerial-ca-cert.p12 ( CA certificate in PKCS12 format needed for Clients: Windows platforms.)
    Aerial-ca-cert.crt ( CA-private key and certificate encoded in binary DER needed for Clients: Android 4.x devices.)

    So in short again. When, let's say, you choose mode 10 (sslsplit) then sslsplit will use the Aerial-ca.key and Aerial-ca.crt files to dynamically generate on the fly all the site certificates requested by our clients. I hope I explained that correctly to you. I know that my English is terrible!

    But here there is a problem. Our clients don't know the certificate that Aerial generated, and that sslsplit is using, as a trusted one, so we have to tell (install) that certificate to our clients and tell their browsers or OSs to trust it.

    So if your client is running Windows 8 then we have to install the Aerial-ca-cert.p12 on it, so when sslsplit signs a site's certificate the client of our soft AP will know that that certificate can be trusted and NO warning will come up.

    To install a certificate (client's side) first read the README file in the ../../Aerial/CA-certificates/ folder and then please follow that link:
    http://mitmproxy.org/doc/ssl.html
    It's very well explained with pictures etc.
    look at "Installing the mitmproxy CA". It's the same procedure, except the "Using the Web App" section. We don't have a web app in Aerial.

    Don't forget that the key and certificate that Aerial is generating are used for ALL the modes that you choose. They are common to all of them. So if you install the appropriate certificate on your client then you can switch from one mode to another without any warnings from your clients.


    If you have any troubles please let me know.

    @Everyone.
    Was anybody able to set up a 5GHz hostapd based software Access Point? Please guys/girls, I wrote the code to support 5GHz soft APs and I don't know if it's working or not. Someone?
    Security always begins with personal responsibility. - quietman7

  32. #32
    dataghost Guest
    Hey Nick, thanks for clearing up your card type, perhaps that was my issue. Mine is still rt2800usb but the card is RT3070. I should have time for testing today. I'll read up on the certificates; I connected with my iPad and my iPad warned me a ton of times about the connection.

  33. #33
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    Quote Originally Posted by GodAnubis View Post
    Hey Nick,

    first of all - AMAZING work you have done here. very easy for a noob like myself to use.

    I have a few questions:

    1. In option 10 you mentioned WhatsApp, is it possible to sniff WhatsApp messages? If so, how? I didn't understand how / what I should use.
    2. When using an iPhone device, I keep getting SSL cert messages (invalid cert showing nick the greek as issuer) - is this an issue or just something we have to live with?

    thank you !
    Hi GodAnubis and thank you for your kind words.

    Unfortunately I don't use WhatsApp but as far as I've seen/read right now, since August 2013 sslsplit will no longer sniff WhatsApp because the WhatsApp client is checking the certificate fingerprints (thus making forgery impossible). You can take a look at the following links. They were my guide to create modes 10 and 11 (sslsplit and mitmproxy)
    http://blog.philippheckel.com/2013/0...one-or-iphone/
    http://blog.philippheckel.com/2013/0...l-connections/
    http://blog.philippheckel.com/2013/0...of-your-phone/

    As for your second question.
    This is not an issue at all. You WILL get warnings from your clients until you install the appropriate certificate on them. I've tried to explain why this is needed here:
    https://forums.kali.org/showthread.p...ll=1#post38547
    maybe in a wrong way. Let's try again by copying some parts from the above links. I know that my English is not in very good shape

    SSLsplit works quite similar to other transparent SSL proxy tools: It acts as a middle man between the client and the actual server. Provided that traffic is being redirected to the server on which SSLsplit is running, SSLsplit picks up SSL connections and pretends to be the server the client is connecting to. To do so, it dynamically generates a certificate and signs it with the private key of a CA certificate that the client must trust.
    So, sslsplit, mitmproxy, honeyproxy and Squid3 with SSL support are using the same key and certificate that Aerial creates the first time that you run it. It's common for all of them and it's unique for every FIRST run. My key and my certificate are NOT the same as yours.

    Every key and certificate are common for the programs that need a key and certificate (sslsplit, mitmproxy, honeyproxy and Squid3 with SSL) but they are NOT common with other machines that are running the Aerial script.

    OK now. We got the key, we got the certificate and all the above programs are able to dynamically generate a certificate and sign it. But your clients don't know that certificate. It's not listed in their trusted anchors certificate list. Therefore we must install the certificate (only the certificate, not the key) on our clients and tell them to trust it.

    Until you do that you will get constant warnings, and that's the way it should be.

    Since you have an iPhone (I don't) and iPhones are running iOS, you should take a look into your ../../Aerial/CA-certificates/ folder and transfer the Aerial-ca-cert.pem file to your iPhone (read the README file in that folder). To transfer it read this:
    http://mitmproxy.org/doc/certinstall/ios.html
    e-mail it to your self and install it.

    When you do that, the warnings will disappear.

    Don't forget that by installing the above certificate you will be able to switch from one Aerial mode to another without getting any warnings. The certificate is common for all the programs, remember?

    A tip. If you don't want to see my name as an issuer, then open the script and go to line 1675 and you will see this:

    Code:
    openssl req -new -nodes -x509 -sha1 -out $HOME_DIR/CA-certificates/$friendly_name-ca.crt -key $HOME_DIR/CA-certificates/$friendly_name-ca.key -config $HOME_DIR/CA-certificates/x509v3ca.cnf -extensions v3_ca -subj '/O=Nick_the_Greek/OU=Nick_the_Greek Aerial RootCA 2014/CN=Nick_the_Greek '$friendly_name'/' -days 9999
    This is the line where we create the CA certificate.
    As you see I set /O= (organization), /OU= (Organization Unit) and /CN= (Common Name) to Nick_the_Greek. The variable $friendly_name is set to Aerial. You can change that also. Set it to whatever you want. It doesn't matter what you set. What really matters is the format of our certificate, and the format is the right one.

    I know that it's a little complicated that subject but if you read the articles in the above links I know that you will understand what it's going on.
    Sorry for this long thread. I'm trying to explain it as better as I can.

    BTW welcome to the forums.
    and can I ask which wireless NIC you are using with Aerial? Does it support a hostapd based or airbase-ng based soft AP? Is it stable/fast?
    Last edited by Nick_the_Greek; 2014-10-19 at 15:30. Reason: Additional info request.
    Security always begins with personal responsibility. - quietman7
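An added example, not Aerial's own code, that turns the explanation in this post and in the reply to nifty nerd into a runnable script: it creates a CA the way the quoted openssl line does (with a placeholder subject and a minimal config standing in for x509v3ca.cnf, both assumptions), signs one leaf certificate the way sslsplit does per site, exports the certificate-only client formats the README lists, and runs openssl verify with and without the CA to show exactly why clients warn until the CA itself is installed. The host name and subject names are constructed.

```shell
#!/bin/sh
# Added example, not Aerial's own code: a throw-away root CA made the way the
# quoted openssl line makes it, one leaf certificate signed by that CA (the
# static equivalent of what sslsplit does per site), the CA exported in the
# certificate-only client formats the README lists, and openssl verify with
# and without the CA to show why clients warn until the CA is installed.
# Subject names, the host name and the x509v3ca.cnf stand-in are constructed.
set -u

WORK="${WORK:-$(mktemp -d)}"
FRIENDLY="Aerial"   # plays the role of $friendly_name in the original line

# Minimal stand-in for the x509v3ca.cnf that ships with the script (assumed).
write_cnf() {
    cat > "$WORK/x509v3ca.cnf" <<'EOF'
[ req ]
distinguished_name = req_dn
[ req_dn ]
[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_leaf ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
}

# Self-signed CA key + certificate: the forum line with a placeholder subject.
make_ca() {
    openssl req -new -nodes -x509 -sha256 -newkey rsa:2048 \
        -keyout "$WORK/$FRIENDLY-ca.key" -out "$WORK/$FRIENDLY-ca.crt" \
        -config "$WORK/x509v3ca.cnf" -extensions v3_ca \
        -subj "/O=Example Lab/OU=Example Lab RootCA/CN=Example Lab $FRIENDLY" \
        -days 365 >/dev/null 2>&1
    # key + certificate in one PEM, the form mitmproxy-style tools read
    cat "$WORK/$FRIENDLY-ca.key" "$WORK/$FRIENDLY-ca.crt" > "$WORK/$FRIENDLY-ca.pem"
}

# Leaf certificate for one host, signed with the CA key: the static
# equivalent of the per-site certificates sslsplit generates on the fly.
make_leaf() {
    host="$1"
    openssl req -new -nodes -newkey rsa:2048 -sha256 \
        -keyout "$WORK/$host.key" -out "$WORK/$host.csr" \
        -config "$WORK/x509v3ca.cnf" -subj "/CN=$host" >/dev/null 2>&1
    openssl x509 -req -in "$WORK/$host.csr" -sha256 -days 30 \
        -CA "$WORK/$FRIENDLY-ca.crt" -CAkey "$WORK/$FRIENDLY-ca.key" -CAcreateserial \
        -extfile "$WORK/x509v3ca.cnf" -extensions v3_leaf \
        -out "$WORK/$host.crt" >/dev/null 2>&1
}

# Certificate-only exports for clients; the private key never leaves the box.
export_client_formats() {
    cp "$WORK/$FRIENDLY-ca.crt" "$WORK/$FRIENDLY-ca-cert.pem"      # iOS, Firefox, *nix
    openssl x509 -in "$WORK/$FRIENDLY-ca.crt" -outform DER \
        -out "$WORK/$FRIENDLY-ca-cert.crt"                         # Android 4.x
    openssl pkcs12 -export -nokeys -in "$WORK/$FRIENDLY-ca.crt" \
        -out "$WORK/$FRIENDLY-ca-cert.p12" -passout pass:          # Windows
}

# Issuer string a client shows in its warning dialog.
leaf_issuer() {
    openssl x509 -in "$WORK/$1.crt" -noout -issuer
}

# Exit 0 when the leaf chains to a trusted CA.  With no CA file the system
# store is used, which does not contain our CA: that is the warning clients
# see until the CA certificate is installed on them.
verify_leaf() {
    host="$1"; cafile="${2:-}"
    if [ -n "$cafile" ]; then
        openssl verify -CAfile "$cafile" "$WORK/$host.crt" >/dev/null 2>&1
    else
        openssl verify "$WORK/$host.crt" >/dev/null 2>&1
    fi
}

demo() {
    host="intranet.example.test"   # constructed host name
    write_cnf && make_ca && make_leaf "$host" && export_client_formats
    echo "issuer seen by clients: $(leaf_issuer "$host")"
    if verify_leaf "$host"; then echo "unexpected: trusted by the system store"; fi
    verify_leaf "$host" "$WORK/$FRIENDLY-ca.crt" && echo "trusted once the CA is installed"
    ls "$WORK"/"$FRIENDLY"-ca-cert.*
}
demo
```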

  34. #34
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    Quote Originally Posted by dataghost View Post
    Hey Nick, thanks for clearing up your card type, perhaps that was my issue. Mine is still rt2800usb but the card is RT3070. I should have time for testing today. I'll read up on the certificates; I connected with my iPad and my iPad warned me a ton of times about the connection.
    Hi dataghost!

    Maybe I should have thought of this earlier. rt2800usb covers a big range of wireless NICs. Take a look here:
    https://wiki.debian.org/rt2800usb#Supported_Devices

    I've just written a better (?) explanation for GodAnubis about the certificates etc. Take a look at that also.

  35. #35
    Hello, first of all, you've done an amazing job with this script. Congrats!
    I'm a Linux beginner, and I was making a manual AP to mess with my iPhone and iPad (the only testing machines I have right now).
    I used mode number 10 and it "kind of" worked. I can surf the internet on my devices (good!) but some pages (I think the ones using HTTPS) ask me for a certificate; I pressed install or accept, and then all HTTPS pages looked "blocked", like no internet connection. Others work fine. The same thing happens with mobile apps: no connection on any.

    Any ideas?

    Thanks in advance, you guys are great!

  36. #36
    Quote Originally Posted by Jimbas View Post
    Hello, first of all, you've done an amazing job with this script. Congrats!
    I'm a Linux beginner, and I was making a manual AP to mess with my iPhone and iPad (the only testing machines I have right now).
    I used mode number 10 and it "kind of" worked. I can surf the internet on my devices (good!) but some pages (I think the ones using HTTPS) ask me for a certificate; I pressed install or accept, and then all HTTPS pages looked "blocked", like no internet connection. Others work fine. The same thing happens with mobile apps: no connection on any.

    Any ideas?

    Thanks in advance, you guys are great!
    Hi Jimbas, and thanks for your kind words.

    Please take a look at the above posts:
    https://forums.kali.org/showthread.p...ll=1#post38547
    https://forums.kali.org/showthread.p...ll=1#post38627

    In short, when you are browsing HTTPS sites and you press accept or install, you accept the signed certificate which is coming from sslsplit, but NOT the authority that signs that certificate. The authority is the certificates that are stored in the ../Aerial/CA-certificates/ folder, and they are used by the program involved in the mode you are running.

    What is crucial is to tell your client to accept the authority that signs it, and that authority is sslsplit.

    To do that, go to the ../Aerial/CA-certificates folder and read the README file. Now, depending on what clients you have (in your case iPhone/iPad), you must install the appropriate certificate on them. In your case it is the Aerial-ca-cert.pem file.

    By installing that file on your client, you tell your client that every single certificate that is coming from any HTTPS site and is signed by sslsplit is a trusted one and therefore can be displayed without any warnings.

    Since we are the MiTM, we must convince the client(s) that they can trust us.

    Finally, by doing so (installing the CA certificate on your client) you can switch from one "Mode" to another without any warnings from clients, since every program (sslsplit, mitmproxy, honeyproxy and Squid3 SSL) is using the same CA certificate.

    Happy testing!

    PS: Try to Google "CA certificate", "certificate authority" and things like that to understand correctly what is going on, because maybe I'm not explaining that subject correctly. I know that my English is terrible!
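An added example, not Aerial's own code and not the script line quoted in post #33, that ties together the two points made above: the CA subject is free text, while the v3_ca extensions are what make the certificate acceptable as an issuer, and a client accepts the per-site certificate only once that CA is in its trust store. It builds a CA with a custom subject, signs a leaf for one host the way an intercepting proxy does on the fly, and checks the leaf against the right CA and against an unrelated one. The subject text, the host name www.example.com, the temporary directory and the use of SHA-256 instead of the script's -sha1 are assumptions.

```shell
#!/bin/sh
# Added example, not Aerial's own code. Build a root CA with a custom subject,
# sign a leaf for one host the way an intercepting proxy does on the fly, and
# check the leaf against a trust store with and without that CA in it.
set -eu

WORK=$(mktemp -d)                      # assumption: scratch dir, removed on exit
trap 'rm -rf "$WORK"' EXIT

# Minimal x509v3 config. The subject on the command line is free text; the
# v3_ca section (CA:TRUE, keyCertSign) is what makes the certificate a usable issuer.
cat > "$WORK/ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

# $1: output prefix, $2: subject string in the same form the script uses.
make_ca() {
  openssl req -new -nodes -x509 -sha256 -newkey rsa:2048 \
    -keyout "$1.key" -out "$1.crt" -config "$WORK/ca.cnf" \
    -extensions v3_ca -subj "$2" -days 3650 2>/dev/null
}

# $1: CA prefix, $2: host name. Issues a server certificate for the host, signed by that CA.
# A subjectAltName is added because modern clients ignore the CN when matching host names.
make_leaf() {
  printf '[ v3_leaf ]\nbasicConstraints = CA:FALSE\nkeyUsage = digitalSignature, keyEncipherment\nextendedKeyUsage = serverAuth\nsubjectAltName = DNS:%s\n' "$2" > "$WORK/$2.ext"
  openssl req -new -nodes -newkey rsa:2048 -sha256 -keyout "$WORK/$2.key" \
    -out "$WORK/$2.csr" -config "$WORK/ca.cnf" -subj "/CN=$2" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$1.crt" -CAkey "$1.key" -CAcreateserial \
    -out "$WORK/$2.crt" -days 365 -extfile "$WORK/$2.ext" -extensions v3_leaf 2>/dev/null
}

# $1: trust store (PEM file), $2: host name. Exit 0 only if the leaf chains to a CA in the store.
verify_leaf() {
  openssl verify -CAfile "$1" "$WORK/$2.crt" >/dev/null 2>&1
}

# $1: host name. Prints the issuer DN of its leaf, which is where your custom subject shows up.
leaf_issuer() {
  openssl x509 -in "$WORK/$1.crt" -noout -issuer
}

make_ca "$WORK/aerial" '/O=Lab/OU=Lab Aerial RootCA/CN=Lab Aerial CA'   # assumption: any subject works
make_ca "$WORK/other"  '/CN=Some Other CA'                               # a CA the client trusts instead of ours
make_leaf "$WORK/aerial" www.example.com
leaf_issuer www.example.com
verify_leaf "$WORK/aerial.crt" www.example.com && echo "accepted: our CA is in the trust store"
verify_leaf "$WORK/other.crt"  www.example.com || echo "rejected: the warning clients show before the CA is installed"
```

Two caveats for anyone changing the script line itself: current browsers and mobile OSes refuse certificates signed with SHA-1, and recent iOS and macOS versions also require a subjectAltName and a leaf validity of at most 825 days, so -sha1 and -days 9999 on leaf certificates will produce warnings even with the CA installed.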

  37. #37
    Nick_the_Greek, you rock! Haha, I thought the certificate was the "thing" I accept on the website. Now it works perfectly! (Scarily perfectly!)

    Now I'm just wondering if it's possible (probably it is!) to create a captive portal (like the one in PwnSTAR) but, instead of a PDF, force the download of a certificate to start surfing.
    Probably there is no way to force the client to install it... but we can force him to download it... and then internet is provided.
    Or another (better) way: the PDF with the exploit forces him to install the cert.

    I'm not asking you (or anyone) to do that for me... but if you could help me, I'll be glad to learn.

  38. #38

    Aerial at github.

    Aerial now has a home at GitHub.
    Since this is Kali's support forum, I decided to move Aerial to GitHub. For bugs, new versions, downloads, wiki etc. please visit:

    https://github.com/Nick-the-Greek/Aerial

    If you don't have an account at GitHub you can also ask me whatever you want about Aerial here. I will answer as soon as I'm able to.
    Last edited by Nick_the_Greek; 2014-10-22 at 20:11.

  39. #39

    Nice idea!

    Quote Originally Posted by Jimbas View Post
    Nick_the_Greek, you rock! Haha, I thought the certificate was the "thing" I accept on the website. Now it works perfectly! (Scarily perfectly!)

    Now I'm just wondering if it's possible (probably it is!) to create a captive portal (like the one in PwnSTAR) but, instead of a PDF, force the download of a certificate to start surfing.
    Probably there is no way to force the client to install it... but we can force him to download it... and then internet is provided.
    Or another (better) way: the PDF with the exploit forces him to install the cert.

    I'm not asking you (or anyone) to do that for me... but if you could help me, I'll be glad to learn.
    Yeah, I know it's scary, but what is REALLY scary are things like these:
    http://www.pcworld.com/article/20708...e-domains.html
    http://www.mail-archive.com/cryptogr.../msg01782.html

    Anyway, on to your subject. Sure, you can do things like that, but unfortunately I don't have the time to do that at the moment. For the next couple of months I'm too busy to do anything except help people with Aerial or any Kali Linux related stuff.
    But.....
    As you've seen in Aerial there is a mode "9. MiTM - Forced downloading files."

    In short, in that mode we force our clients to download our files when they click to download something whose file extension matches (*.exe, *.zip etc.) from ANY HTTP site. Not an HTTPS site.
    The files that we force them to download are produced by Aerial; all are zero-byte files and they are stored in the ../Aerial/bad_files folder. Don't forget to run that mode at least once so that the folder and files get created.

    In practice: You could use something like this:
    How to distribute root certificates as exe files
    or like this:
    Smooth root certificate deployment for mobile devices

    and try to see if you can create those .exe and/or .cab files with the appropriate CA certificate which Aerial created for you. Please keep in mind that I haven't tried it yet.

    Assuming that you create an exe file with the above method and it's working, then you can rename it to test.exe, place that file in the ../Aerial/bad_files/ folder and overwrite the zero-byte test.exe file that is already there.

    Aerial expects to find a test.exe file to serve to your clients. It doesn't care what exe file it is. All it needs is a file named test.exe or test.zip etc.
    So, now you can set up a soft AP, run mode 9 and check with SARG to see whether your clients downloaded an exe file. If a client downloaded an exe file, then be sure that he/she downloaded YOUR test.exe file, renamed to the file that your client asked for, and if he/she executes it then your CA certificate is installed and you can switch to a different mode, e.g. mode 10 (sslsplit).

    An example:
    You have done all the above and you run mode "9. MiTM - Forced downloading files."
    Your client decides to download CPU-Z from here:
    http://www.cpuid.com/softwares/cpu-z.html
    When he/she clicks to download the 1.71-setup-en.exe file, Aerial will rename the ../Aerial/bad_files/test.exe file (that you have created) to 1.71-setup-en.exe and serve it to your client. This happens when a file is requested by your client(s) and the filename extension matches one of the extensions that Aerial expects to find, which are *.exe, *.zip, *.rar, *.doc and *.msi.

    If you want Aerial to support *.cab files, tell me so. It's very easy to do.

    Anyway, I know it's a kind of "manual" situation, but I believe that would be a good task for you or anybody else.
    Try it and I would love to see your findings. Maybe in the future we can build together a new, more automated "mode".

    Tip: Look into the Aerial script and search for any sites. The links in this thread are included in Aerial.
    Last edited by Nick_the_Greek; 2014-10-23 at 19:50.
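An added example, not Aerial's code, of the substitution rule mode 9 applies as described in the post above, so you can see in advance which requests would have been swapped and then confirm it in SARG afterwards. It reads Squid native access.log lines, keeps the HTTP GETs whose file name ends in one of the five extensions named in the post (matched case-insensitively, ignoring any query string), and prints which template file (test.exe, test.zip, ...) would be served under the requested name. The log lines are constructed, not from a real capture; the bad_files path is a stand-in, and how Aerial itself performs the match is not shown here.

```shell
#!/bin/sh
# Added example, not Aerial's own code: the mode 9 substitution rule applied to
# constructed Squid access.log lines. Paths and the extension list are assumptions
# taken from the forum post, not read from Aerial.
set -eu

BAD_DIR=${BAD_DIR:-/tmp/aerial-example/bad_files}   # assumption: stands in for ../Aerial/bad_files
SWAP_EXTS="exe zip rar doc msi"                       # the extensions the post lists

# File name part of a URL: drop ?query and #fragment first, then everything up to the last /.
url_basename() {
  u=${1%%\?*}
  u=${u%%#*}
  printf '%s\n' "${u##*/}"
}

# Print the lower-cased extension of $1 if it is in SWAP_EXTS, otherwise exit 1.
swap_ext() {
  fname=$1
  case $fname in *.*) ;; *) return 1 ;; esac
  ext=$(printf '%s' "${fname##*.}" | tr 'A-Z' 'a-z')
  for e in $SWAP_EXTS; do
    [ "$ext" = "$e" ] && { printf '%s\n' "$ext"; return 0; }
  done
  return 1
}

# For a requested file name, print the template in BAD_DIR that would be served under
# that name (test.<ext>); print nothing and exit 1 if the request is left alone.
substitute_for() {
  ext=$(swap_ext "$1") || return 1
  printf 'test.%s\n' "$ext"
}

# Read Squid native access.log lines on stdin and print "client requested -> template"
# for every request mode 9 would swap. Only plain HTTP GETs qualify: HTTPS shows up as a
# CONNECT tunnel with no file name, which is why the post says "Not an https site".
report_swaps() {
  while read -r ts elapsed client status bytes method url rest; do
    [ "$method" = "GET" ] || continue
    case $url in http://*) ;; *) continue ;; esac
    fname=$(url_basename "$url")
    tmpl=$(substitute_for "$fname") || continue
    printf '%s %s -> %s\n' "$client" "$fname" "$tmpl"
  done
}

# Constructed sample log in Squid native format (not from a real capture).
SAMPLE_LOG='1414000000.101    250 192.168.1.10 TCP_MISS/200 2048 GET http://www.cpuid.com/downloads/cpu-z_1.71-setup-en.exe - DIRECT/1.2.3.4 application/octet-stream
1414000000.202     12 192.168.1.10 TCP_MISS/200 512 GET http://www.cpuid.com/softwares/cpu-z.html - DIRECT/1.2.3.4 text/html
1414000000.303    300 192.168.1.11 TCP_MISS/200 9000 GET http://example.org/pkg/Tool.ZIP?mirror=3 - DIRECT/5.6.7.8 application/zip
1414000000.404    900 192.168.1.12 TCP_TUNNEL/200 70000 CONNECT www.example.com:443 - DIRECT/9.9.9.9 -
1414000000.505    100 192.168.1.13 TCP_MISS/200 1000 GET http://example.org/files/readme.txt - DIRECT/5.6.7.8 text/plain'

run_report() { printf '%s\n' "$SAMPLE_LOG" | report_swaps; }

run_report
```

Run against the real /var/log/squid3/access.log instead of the sample to get the same "who got which file" answer SARG gives, and remember that a client who downloads over HTTPS, or whose download manager resumes with a Range request, is outside what this rule covers.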

  40. #40
    Hey Nick, any advice on whether it could be compatible with NetHunter? Many thanks and great work.

  41. #41
    Quote Originally Posted by skycrazy View Post
    Hey Nick, any advice if possible compatible with nethunter. Many thanks and great work
    Hi skycrazy.

    I'm watching the NetHunter project very closely and I can admit that I'm very excited about it. Unfortunately I don't own a Nexus device and thus I can't test Aerial with it, but I'm planning to do that in the near future, though not until January-February.
    That would be my next project in 2015.

    For now, if you're able to install the required programs for Aerial, maybe it should work.
    Take a look at the first page to see what programs are required.
    Have a nice day!

  42. #42


    Hey Nick_the_Greek,

    I have a problem with running Aerial.

    I use Kali 1.0.9 VM edition with a TL-WDN3200 (RT5572 chipset) and I can't get the fake AP started...

    Also, I noticed that every time the script restarts network manager, it gets stuck at "Waiting to connect to internet..." and eth0 (the interface where my internet is connected) doesn't start. I "fixed" that problem by manually starting eth0 every time with
    Code:
    ifup eth0
    and I managed to get to the end of the script where the process starts, but I don't see my AP.

    As for settings, I use the following:
    -Internet interface: eth0 - pci:e1000
    -SoftAP wireless interface: wlan0 - usb:rt2800usb
    -hostapd mode (tried with airbase-ng too; all are supported)
    -custom ESSID: bnet
    -current MAC address (used a custom one too, but no effect)
    -CRDA:00
    -used channel 1 for softAP
    -tried all modes (g/n20/n40)
    -OPN encryption

    Looks like a really nice script; it would be a shame not to test it... :/

  43. #43
    OK, I didn't manage to find a solution but I found new problems... :/

    When connecting to the internet over a 3G USB stick, Aerial doesn't even want to start... But if I work around it by leaving it on wlan and then disconnecting, it looks like that solves the problem... Also, the manual reconnecting issue is still there; I have to manually connect the 3G stick to the internet every time Aerial resets my network manager.
    What I noticed further (it also happened before on the VM, but I thought it was a VM issue) is that the wlan card starts to hang. By that I mean that after a failed attempt to execute the script completely, the wlan card (the one that is supposed to generate the AP) doesn't want to connect to the internet anymore; it just hangs... I think that some service still continues to run which needs to be ended in order for wlan to start working again...

    Hope that I helped a bit.
    Last edited by subject_3156; 2014-10-31 at 03:30.

  44. #44
    Quote Originally Posted by subject_3156 View Post
    OK, I didn't manage to find a solution but I found new problems... :/

    When connecting to the internet over a 3G USB stick, Aerial doesn't even want to start... But if I work around it by leaving it on wlan and then disconnecting, it looks like that solves the problem... Also, the manual reconnecting issue is still there; I have to manually connect the 3G stick to the internet every time Aerial resets my network manager.
    What I noticed further (it also happened before on the VM, but I thought it was a VM issue) is that the wlan card starts to hang. By that I mean that after a failed attempt to execute the script completely, the wlan card (the one that is supposed to generate the AP) doesn't want to connect to the internet anymore; it just hangs... I think that some service still continues to run which needs to be ended in order for wlan to start working again...

    Hope that I helped a bit.
    Hi subject_3156, and I'm very sorry for being late to respond, but I'm very busy and will be for the next couple of months.
    Anyway, on to your subject.
    There are two problems: I have never tried Aerial with VMs and I never use it with a 3G USB stick, so it is hard to find what is wrong, but let's give it a shot.
    To get Aerial to work some things are required. One of them is Internet connectivity. If it doesn't detect Internet connectivity it will not continue. As I said, I don't know how your 3G USB stick behaves. Is it controlled by network manager? What is its interface name? Can you please give me the output of some basic commands to see if I can make some changes to Aerial?
    Connect to the Internet with your 3G USB stick, run the following, give me back the output of the commands, and please tell me with which interface you are connected to the Internet and with which interface you are trying to create the rogue AP.

    Code:
    ifconfig
    iwconfig 
    iw phy # This should tell us your wireless card's capabilities.
    route -n | awk '($1 == "0.0.0.0") { print $NF ; exit }' # This should tell us your Internet interface
    nmcli dev status # This should tell us how is managed your Internet interface by network manager.
    Then restart networking and network manager with:
    Code:
    service network-manager stop
    service networking stop
    service networking start
    service network-manager start
    and re-run:
    Code:
    route -n | awk '($1 == "0.0.0.0") { print $NF ; exit }' # This should tell us your Internet interface and not being an empty output.
    nmcli dev status # This should tell us how is managed your Internet interface by network manager.
    Run all the above commands, post back the output and we will see what is wrong.

    Thank you for taking the time to test my script, and please be patient. I will post back when I'm able to.
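An added example, not Aerial's code, of the Internet-interface detection that the awk one-liner above performs, written against routing-table text so it can be exercised on samples. It handles both the route -n format the post uses and the ip route format, and it fails with a message when there is no default route, which is the state behind the "Waiting to connect to internet..." message described in posts #42 and #43. The sample routing tables, including the ppp0 and wwan0 ones a 3G stick typically produces, are constructed.

```shell
#!/bin/sh
# Added example, not Aerial's own code: find the Internet-facing interface from
# routing-table text, the way the awk one-liner in the post does, and treat an
# empty answer as "not connected" instead of silently carrying on.
set -eu

# $1: text of `route -n`. Prints the interface of the first 0.0.0.0 (default) route.
default_iface_route() {
  printf '%s\n' "$1" | awk '($1 == "0.0.0.0") { print $NF; exit }'
}

# $1: text of `ip route`. Same thing for the iproute2 format ("default via ... dev ethX ...").
default_iface_iproute() {
  printf '%s\n' "$1" | awk '$1 == "default" { for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# Try both formats on the same text; exit 1 with a message when there is no default route.
find_internet_iface() {
  iface=$(default_iface_route "$1")
  [ -n "$iface" ] || iface=$(default_iface_iproute "$1")
  if [ -z "$iface" ]; then
    echo "no default route: not connected to the Internet" >&2
    return 1
  fi
  printf '%s\n' "$iface"
}

# Constructed samples (not real captures).
ROUTE_ETH='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 wlan0'

# A PPP-style 3G stick: point-to-point link, default route without a gateway address.
ROUTE_3G='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0'

# Connected to the LAN but with no route to the Internet at all.
ROUTE_NONE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0'

# The same question answered from `ip route` for a NetworkManager-managed WWAN stick.
IPROUTE_WWAN='default via 10.0.0.1 dev wwan0 proto dhcp metric 700
10.0.0.0/24 dev wwan0 proto kernel scope link src 10.0.0.5'

find_internet_iface "$ROUTE_ETH"
find_internet_iface "$ROUTE_3G"
find_internet_iface "$IPROUTE_WWAN"
find_internet_iface "$ROUTE_NONE" || echo "retry after reconnecting the 3G stick"
```

On a live box call it as find_internet_iface "$(route -n)" or find_internet_iface "$(ip route)"; the empty result after the network-manager restart in the post is exactly the case the last line exercises.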

  45. #45

    hostapd and udhcpd not working

    Thank you for an amazing script!


    I have problems getting hostapd to work on a 64-bit version of Kali, and udhcpd to distribute IPs on 32-bit. I've got a readout of what hostapd spews out:

    Code:
    random: Trying to read entropy from /dev/random
    Configuration file: /root/Desktop/aerial/Aerial/hostapd.conf
    ctrl_interface_group=0
    rfkill: initial event: idx=0 type=2 op=0 soft=1 hard=0
    rfkill: initial event: idx=6 type=1 op=0 soft=0 hard=0
    nl80211: Supported cipher 00-0f-ac:1
    nl80211: Supported cipher 00-0f-ac:5
    nl80211: Supported cipher 00-0f-ac:2
    nl80211: Supported cipher 00-0f-ac:4
    nl80211: Using driver-based off-channel TX
    nl80211: interface wlan0 in phy phy5
    nl80211: Set mode ifindex 8 iftype 3 (AP)
    nl80211: Failed to set interface 8 to mode 3: -16 (Device or resource busy)
    nl80211: Try mode change after setting interface down
    nl80211: Set mode ifindex 8 iftype 3 (AP)
    nl80211: Mode change succeeded while interface is down
    nl80211: Setup AP(wlan0) - device_ap_sme=0 use_monitor=0
    nl80211: Subscribe to mgmt frames with AP handle 0xfc5120
    nl80211: Register frame type=0xb0 (WLAN_FC_STYPE_AUTH) nl_handle=0xfc5120 match=
    nl80211: Register frame type=0x0 (WLAN_FC_STYPE_ASSOC_REQ) nl_handle=0xfc5120 match=
    nl80211: Register frame type=0x20 (WLAN_FC_STYPE_REASSOC_REQ) nl_handle=0xfc5120 match=
    nl80211: Register frame type=0xa0 (WLAN_FC_STYPE_DISASSOC) nl_handle=0xfc5120 match=
    nl80211: Register frame type=0xc0 (WLAN_FC_STYPE_DEAUTH) nl_handle=0xfc5120 match=
    nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0xfc5120 match=
    nl80211: Register frame type=0x40 (WLAN_FC_STYPE_PROBE_REQ) nl_handle=0xfc5120 match=
    nl80211: Add own interface ifindex 8
    nl80211: if_indices[16]: 8
    phy: phy5
    BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits)
    wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
    Previous country code 00, new country code 00 
    nl80211: Regulatory information - country=00
    nl80211: 2402-2472 @ 40 MHz 20 mBm
    nl80211: 2457-2482 @ 40 MHz 20 mBm (no IR)
    nl80211: 2474-2494 @ 20 MHz 20 mBm (no OFDM) (no IR)
    nl80211: 5170-5250 @ 160 MHz 20 mBm (no IR)
    nl80211: 5250-5330 @ 160 MHz 20 mBm (DFS) (no IR)
    nl80211: 5490-5730 @ 160 MHz 20 mBm (DFS) (no IR)
    nl80211: 5735-5835 @ 80 MHz 20 mBm (no IR)
    nl80211: 57240-63720 @ 2160 MHz 0 mBm
    nl80211: Added 802.11b mode based on 802.11g information
    Driver does not support configured HT capability [SMPS-STATIC]
    wlan0: interface state COUNTRY_UPDATE->DISABLED
    wlan0: AP-DISABLED 
    wlan0: Unable to setup interface.
    hostapd_interface_deinit_free(0xfc0590)
    hostapd_interface_deinit_free: num_bss=1 conf->num_bss=1
    hostapd_interface_deinit(0xfc0590)
    hostapd_bss_deinit: deinit bss wlan0
    wlan0: Deauthenticate all stations
    nl80211: send_mlme - da= ff:ff:ff:ff:ff:ff noack=0 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0xc0 (WLAN_FC_STYPE_DEAUTH) nlmode=3
    nl80211: send_mlme -> send_frame
    nl80211: send_frame - Use bss->freq=0
    nl80211: send_frame -> send_frame_cmd
    nl80211: Frame command failed: ret=-22 (Invalid argument) (freq=0 wait=0)
    hostapd_cleanup(hapd=0xfc3f30 (wlan0))
    hostapd_free_hapd_data: Interface wlan0 wasn't started
    hostapd_interface_deinit_free: driver=0x49b640 drv_priv=0xfc4df0 -> hapd_deinit
    nl80211: Remove monitor interface: refcount=0
    nl80211: Remove beacon (ifindex=8)
    netlink: Operstate: ifindex=8 linkmode=0 (kernel-control), operstate=6 (IF_OPER_UP)
    nl80211: Set mode ifindex 8 iftype 2 (STATION)
    nl80211: Failed to set interface 8 to mode 2: -16 (Device or resource busy)
    nl80211: Try mode change after setting interface down
    nl80211: Set mode ifindex 8 iftype 2 (STATION)
    nl80211: Failed to set interface 8 to mode 2: -16 (Device or resource busy)
    nl80211: Delaying mode set while interface going down
    nl80211: Set mode ifindex 8 iftype 2 (STATION)
    nl80211: Mode change succeeded while interface is down
    nl80211: Teardown AP(wlan0) - device_ap_sme=0 use_monitor=0
    nl80211: Unsubscribe mgmt frames handle 0x888888888874d9a9 (AP teardown)
    hostapd_interface_free(0xfc0590)
    hostapd_interface_free: free hapd 0xfc3f30
    hostapd_cleanup_iface(0xfc0590)
    hostapd_cleanup_iface_partial(0xfc0590)
    hostapd_cleanup_iface: free iface=0xfc0590

    Can anyone help?


    Thanks

  46. #46
    Quote Originally Posted by eme101 View Post
    Thank you for an amazing script!

    I have problems getting hostapd to work on a 64-bit version of Kali, and udhcpd to distribute IPs on 32-bit. I've got a readout of what hostapd spews out:

    [hostapd debug output as posted in #45 above]

    Can anyone help?

    Thanks
    Hi eme101,
    Can you please tell me which wireless card you are using?
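An added example, not Aerial's code, for the failure in the hostapd output above: the line "Driver does not support configured HT capability [SMPS-STATIC]" is immediately followed by the interface going COUNTRY_UPDATE->DISABLED, so the capability in brackets has to come out of the ht_capab= line of hostapd.conf before the AP can start with that driver. The script pulls every rejected token out of the log and removes it from the config. The sample hostapd.conf is a constructed stand-in for what Aerial generates for its hostapd n20/n40 modes, not the real file, and the log excerpt is taken from the post.

```shell
#!/bin/sh
# Added example, not Aerial's own code: strip the HT capability that hostapd's
# debug output reports as unsupported from the ht_capab= line of hostapd.conf.
set -eu

# Constructed stand-in for an Aerial-generated hostapd.conf (assumption, not the real file).
SAMPLE_CONF='interface=wlan0
driver=nl80211
ssid=bnet
hw_mode=g
channel=1
ieee80211n=1
ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40][SMPS-STATIC]
wmm_enabled=1'

# Three lines from the hostapd -dd output quoted in the thread.
SAMPLE_LOG='nl80211: Added 802.11b mode based on 802.11g information
Driver does not support configured HT capability [SMPS-STATIC]
wlan0: interface state COUNTRY_UPDATE->DISABLED'

# $1: hostapd log text. Prints each rejected capability, brackets included, one per line.
rejected_ht_caps() {
  printf '%s\n' "$1" | sed -n 's/^Driver does not support configured HT capability \(\[[^]]*]\).*/\1/p'
}

# $1: hostapd.conf text, $2: a token such as "[SMPS-STATIC]".
# Prints the config with that token removed from the ht_capab= line; other lines untouched.
drop_ht_cap() {
  conf=$1
  # escape [ and ] so sed treats the token literally
  pat=$(printf '%s' "$2" | sed 's/[][]/\\&/g')
  printf '%s\n' "$conf" | sed "/^ht_capab=/s/$pat//g"
}

# $1: hostapd.conf text, $2: hostapd log text. Applies drop_ht_cap for every rejected token.
# The heredoc keeps the loop in the current shell so the updated $conf survives it, and
# avoids word-splitting the bracketed tokens, which the shell would otherwise treat as globs.
fix_conf_from_log() {
  conf=$1
  while read -r cap; do
    [ -n "$cap" ] || continue
    conf=$(drop_ht_cap "$conf" "$cap")
  done <<EOF
$(rejected_ht_caps "$2")
EOF
  printf '%s\n' "$conf"
}

# $1: hostapd.conf text. Prints the value of its ht_capab= line, for checking.
ht_capab_line() {
  printf '%s\n' "$1" | sed -n 's/^ht_capab=//p'
}

FIXED=$(fix_conf_from_log "$SAMPLE_CONF" "$SAMPLE_LOG")
ht_capab_line "$FIXED"
```

Rerun hostapd with -dd after the change; if another capability is rejected the same step applies, and if the driver supports none of them the remaining fallback is the 802.11g-only mode that post #49 later in the thread reports as working.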

  47. #47
    Hello Nick_the_Greek,
    I haven't tested your script as yet... writing such a lengthy script requires a lot of work! Hope your script goes viral... haha!

  48. #48
    Hi repzeroworld,
    I'm looking forward to your feedback when you get time to test it.

  49. #49
    Quote Originally Posted by Nick_the_Greek View Post
    Hi eme101,
    Can you please tell me which wireless card you are using?


    I have tried these three with various results:

    -ALFA AWUS036NHA: ath9k_htc, Atheros AR9271x
    -ALFA AWUS051NH: rt2800usb, Ralink RT2770 RT2750
    -ALFA AWUS036NHR: rtl8192cu, RTL8188RU

    The script says the Ralink card is supported using all options when selecting hostapd. I have got it to work semi-fine if I run hostapd with 802.11g only.

  50. #50
    How can I limit the clients of my soft AP to accessing only Facebook or Gmail?
