
Thread: Aerial - Multi-mode wireless LAN Based on a Software Access point


    Aerial - How to E-Z Setup a Multi-mode wireless LAN Based on a Software Access point

    Aerial WiFi

    Part 1

    What is it?
    ========
    Aerial is one of the easiest ways to create a fully capable*, high speed*, at any band (5GHz or 2.4GHz), high throughput IEEE 802.11n* or not, with Wi-Fi Protected Setup* (WPS) or not, Software Access Point on a Kali Linux box with manipulated/intercepted/injected/forced/proxied/MITMed or not traffic.
    * When Hostapd is used and depending on your wireless NIC's capabilities.


    Files:
    ====
    Aerial.0.14.1.0
    Aerial.sh (main script).
    README (this file).
    COPYING (License).
    CHANGELOG (Version History).
    /dependencies/
    /dependencies/airchat_2.1a/ airchat.tar.bz2 (Needed for mode 3)
    /dependencies/squid3_3.3.8-1.1Kali1_amd64/ (Needed for mode 13 Kali x64)
    /dependencies/squid3_3.3.8-1.1Kali1_amd64/squid3_3.3.8-1.1Kali1_amd64.deb
    /dependencies/squid3_3.3.8-1.1Kali1_amd64/squid3-common_3.3.8-1.1Kali1_all.deb
    /dependencies/squid3_3.3.8-1.1Kali1_amd64/squid-langpack_20140506-1.1Kali1_all.deb
    /dependencies/squid3_3.3.8-1.1Kali1_i386/ (Needed for mode 13 Kali x32)
    /dependencies/squid3_3.3.8-1.1Kali1_i386/squid3_3.3.8-1.1Kali1_i386.deb
    /dependencies/squid3_3.3.8-1.1Kali1_i386/squid3-common_3.3.8-1.1Kali1_all.deb
    /dependencies/squid3_3.3.8-1.1Kali1_i386/squid-langpack_20140506-1.1Kali1_all.deb

    Download / Installation
    ==================
    No installation is required.
    Download the latest bz2 file:
    Aerial_0.14.1.0.tar.bz2 6.3MB
    Code:
    sha1sum:
    8e17b35e3883f986ed3d7718b24bd3225a97fd8a
    check integrity by:
    Code:
    echo "8e17b35e3883f986ed3d7718b24bd3225a97fd8a  Aerial_0.14.1.0.tar.bz2" | sha1sum -c -
    extract it:
    Code:
    tar jxf Aerial_0.14.1.0.tar.bz2
    or download it from github:
    Code:
    git clone https://github.com/Nick-the-Greek/Aerial
    and run it by:
    Code:
    sh Aerial.sh
    Relax and let the script download/install, create CA certificates, etc. that are needed. DO NOT INTERRUPT IT. Let it finish. A new folder named "Aerial" will be created. Everything you want to find will be in that folder, e.g.
    aerial.conf (This script's configuration file)
    hostapd.conf (Hostapd configuration file)
    CA-certificates folder and the included certificates.
    Backup folder with the included files.
    ...

    When a "Mode" is executed, a new folder will be created with the corresponding name (e.g. sslsplit) in the "Aerial" folder with all the files (configuration, logs, etc.) that invoke that "Mode". So the only thing that you have to do is run any "Mode" and then look at the corresponding folder of that "Mode". If a "Mode" is never executed, no folder will be created for that "Mode".

    Features
    =========
    o Menu driven.
    o Kali Linux x86 and x64 architectures compatible.
    o BackTrack 5R3 Linux x86 and x64 architectures compatible. (some modes).
    o Ability to use Airbase-ng for the creation of the Soft AP. (Your wireless NIC MUST support monitor mode).
    o Ability to use Hostapd for the creation of the Soft AP. (Your wireless NIC MUST support AP mode).
    o A configuration file (aerial.conf) with the ability to enable/disable some of Aerial's menus (to speed things up) and/or directly change the script's values (e.g. Internet interface, wireless interface, channel, etc.). Please refer to aerial.conf for detailed instructions.
    o Selectable language/date format/long URLs for SARG.
    o All inputs from users are filtered. You can't enter an invalid input.
    e.g. Internet interface, wireless interface, channel, CRDA, password, etc
    o Multiple examples for correct usage of the script.
    o Backup/restore of any configuration files or folders that might be changed in the OS by the script.
    o Downloading and installation of all required programs, if they are not present:
    - UDHCPD: Very small Busybox based DHCP server.
    - Aircrack-ng Suite: Wireless WEP/WPA cracking utilities.
    - Proxychains: Redirect connections through proxy servers.
    - Proxyresolv: DNS resolving.
    - Mogrify: Image manipulation programs.
    - Jp2a: Converts jpg images to ASCII.
    - Ghostscript: Interpreter for the PostScript language and for PDF.
    - Apache2: HTTP Server.
    - Dnsmasq: A small caching DNS proxy and DHCP/TFTP server.
    - Haveged: Linux entropy source using the HAVEGE algorithm.
    - Squid3 v3.1.20: Proxy caching server for web clients.
    - Sarg: Squid Analysis Report Generator.
    - Hostapd v2.3 devel: User space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator.
    - Hostapd v2.3 devel patch: Disable bss neighbor check/force 40 MHz channels. Please see part 2 paragraph (1)
    - TOR: The Onion Router: A connection-based low-latency anonymous communication system.
    - ARM: The Anonymizing Relay Monitor - Terminal status monitor for TOR.
    - I2P router: The Invisible Internet Project.
    - Sslstrip: SSL/TLS man-in-the-middle attack tool.
    - Sslsplit: Transparent and scalable SSL/TLS interception.
    - Mitmproxy: SSL-capable man-in-the-middle HTTP proxy.
    - Honey Proxy: HTTP(S) Traffic investigation and analysis.
    o Supplied with Aerial.0.x.x.tar.bz2:
    - Airchat v2.1a: Wireless Fun. (No installation is required. The script will handle this).
    - Installation packages Squid3-i386 and Squid3-amd64 v.3.3.8 compiled with SSL Bumping and Dynamic SSL Certificate Generation.
    o Unique (per run) Trust Anchor Certificate.
    o One common CA root certificate for the modes that require a Trust Anchor Certificate:
    - SSLsplit.
    - Mitmproxy.
    - Honeyproxy.
    - Squid in the Middle.
    o Multiple formats of the CA certificate for all kind of clients:
    - IOS. (not tested)
    - IOS Simulator. (not tested)
    - Firefox. (tested)
    - Java. (not tested)
    - OSX. (not tested)
    - *nix systems. (tested)
    - Windows platforms. (tested)
    - Android 4.x devices. (tested)
    o Backup of the generated CA-certificates. (Just in case).
    o Stop/kill of any running processes when we re-run the script.
    o Ability to use any wireless NIC for the creation of the Soft AP. (In case that more than one is installed)
    o Auto-detect of Internet interface.
    o Auto-detect of Wireless interface(s).
    o Auto-detect of Wireless interface in monitor mode.
    o Auto-detect of Wireless interface's capabilities:
    - Access point mode. (hostapd compatible).
    - Monitor mode. (airbase-ng compatible).
    - Supported band:
    - IEEE 802.11a - 5GHz (airbase-ng or hostapd). (not tested).
    - IEEE 802.11g - 2.4 GHz (airbase-ng or hostapd). (tested).
    - IEEE 802.11a/n - 5GHz High Throughput (Only with hostapd). (not tested).
    - IEEE 802.11g/n - 2.4GHz High Throughput (Only with hostapd). (tested).
    o Ability to set/change ESSID: Extended Service Set Identification.
    o Ability to set/change MAC address: Media Access Control Address.
    o Ability to set/change CRDA: Central Regulatory Domain Agent.
    o Ability to set/change channel:
    Permitted to use channels are:
    IEEE 802.11g - 802.11g/n: 01 02 03 04 05 06 07 08 09 10 11 12 13 (tested).
    IEEE 802.11a - 802.11a/n: 36 40 44 48 52 56 60 64 (not tested).
    Non permitted to use channels are:
    IEEE 802.11g - 802.11g/n: 14 (Japan) (tested).
    IEEE 802.11a - 802.11a/n: 100 104 108 112 116 120 124 128 132 136 140 149 153 157 161 165 (not tested).
    o Scanning for other Access Points and Ad-Hoc cells in your area and information about suggested channels to use for:
    IEEE 802.11a - 5GHz (not tested)
    IEEE 802.11a/n - 5GHz 20MHz channel width. (not tested).
    IEEE 802.11a/n - 5GHz 40MHz channel width. (not tested).
    IEEE 802.11g - 2.4GHz (tested).
    IEEE 802.11g/n - 2.4GHz 20MHz channel width. (tested).
    IEEE 802.11g/n - 2.4GHz 40MHz channel width. (tested).
    o Wireless card's IEEE 802.11n capabilities and auto-usage in hostapd: (only when hostapd is selected).
    - Available Antenna(s).
    - Configured Antenna(s).
    - Supported channel width set (20MHz/40MHz).
    - LDPC coding capability.
    - Spatial Multiplexing (SM) Power Save.
    - HT-Greenfield.
    - SGI-Short Guard Interval for 20 MHz.
    - SGI-Short Guard Interval for 40 MHz.
    - Tx STBC-Space–Time Block Codes.
    - Tx Max spatial streams.
    - Rx STBC-Space–Time Block Codes. (One, two or three Spatial streams.)
    - Maximum A-MSDU length.
    - DSSS/CCK Mode in 40 MHz.
    - HT TX/RX MCS rate indexes supported.
    o Ability to set/change Encryption:
    - For airbase-ng based Soft AP:
    OPEN no encryption.
    WEP (ASCII password 40bits or 104bits).
    WEP (HEX password 40bits or 104bits).
    - For hostapd based Soft AP:
    OPEN no encryption.
    WEP (ASCII password 40bits or 104bits).
    WEP (HEX password 40bits or 104bits).
    WPA2 pre shared key. (8 to 32 characters long)
    When WPA2 encryption is selected you will have the ability to:
    - enable/disable Wi-Fi protected setup (WPS).
    - set WPS pin.
    o Free Disk Space and free RAM Calculation for optimizing Squid3's functionality.
    o Ability to use alternative DNS servers. (I'm using OPEN DNS servers.)
    o Summary/information about Internet interface and the created Soft AP.
    o Kernel's Entropy Pool Calculation. We make sure that hostapd will not run out of random numbers. We use the Haveged algorithm.
    o Real time reports about who, what, when was visited by our WLAN.
    o Detailed reports about who, what, when top sites, top sites/users etc was visited by our WLAN.
    o Information about which daemons/programs are running and which configuration files are used and where they are.
    o Log files for almost all the modes.
    o Especially for mode 10, due to a massive number of log files, a search script (search.sh) will be created to help run search queries on sslsplit's log files.
    o Real time information about connected clients, Soft AP's statistics and leases granted by the udhcp server (offered IPs to our clients).

    To be continued...
    Last edited by Nick_the_Greek; 2014-10-22 at 19:50. Reason: Github download
    Security always begins with personal responsibility. - quietman7
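
Added example (not part of the original post or the Aerial project): a POSIX shell function that combines the "check integrity" and "extract it" steps from the Download / Installation section, so the archive is unpacked only when its SHA-1 matches and no member path would land outside the destination folder. The function name `verify_and_extract`, its return codes and the destination folder in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify a downloaded archive before unpacking it.
# Usage (file name and hash as published in the post above):
#   verify_and_extract Aerial_0.14.1.0.tar.bz2 \
#       8e17b35e3883f986ed3d7718b24bd3225a97fd8a ./aerial-src
# Return codes (this example's own convention):
#   0 verified and extracted   1 checksum mismatch
#   2 unsafe member path       3 usage or I/O error
verify_and_extract() {
    archive=$1
    expected=$2
    dest=$3
    [ -f "$archive" ] && [ -n "$expected" ] && [ -n "$dest" ] || return 3

    # sha1sum prints "<hex digest>  <file name>"; keep only the digest.
    actual=$(sha1sum "$archive" | cut -d' ' -f1) || return 3
    # Accept the published hash in either letter case.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch: got $actual" >&2
        return 1
    fi

    # List the members before writing anything to disk and reject
    # absolute paths or ".." components that would escape $dest.
    members=$(tar -tf "$archive") || return 3
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive contains an unsafe member path" >&2
        return 2
    fi

    # Extract into a dedicated folder; when run as root, do not restore
    # the owner IDs recorded in the archive.
    mkdir -p "$dest" || return 3
    tar -xf "$archive" -C "$dest" --no-same-owner || return 3
}
```

The function stops at extraction on purpose, which leaves room to read Aerial.sh before running it.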
