Rogue Access Point

[SDTL04]

Hello all,
So basically I have had success creating a rogue access point utilizing kali linux, but I have seemed to run into one issue. Once my access point is up and running, my internet connection seems to drop. With the utilization of another computer I still have the ability to connect to my fake access point, but its a pointless connection due to no internet connection. Once I kill the access point I gain the ability to use the internet again. Can anyone provide any input on how to correct this? I currently run Kali Linux on VMware workstation and utilize an Alfa AWUS036NHA network adapter for monitoring.

[rastamouse]

Sounds like perhaps you haven't enabled port forwarding or masquerade rules on Kali. Could you provide your commands start to finish to create the AP.

[BasicCodeMonkey]

Is it possible to block Facebook/twitter and so on apps but allow facebook and twitter webpages when running rogue ap?

[grid]

BasicCodeMonkey, you could probably do it with some iptables rules.

[BasicCodeMonkey]

BasicCodeMonkey, you could probably do it with some iptables rules.

That's something what I thought first but I have tried to find ports or something to block those but still let www.facebook.com etc. to work but I haven't find any working block :-/

[BasicCodeMonkey]

I guess that it's impossible to just block those apps but let user to use browser to access those sites? :-/

[grid]

Hmm, if you have someone connected to your rogue access point, you could try some DNS trickery to enable/disable applications. In other words, if a user hits a your target site via URL, redirect them to somewhere else.

[BasicCodeMonkey]

Hmm, if you have someone connected to your rogue access point, you could try some DNS trickery to enable/disable applications. In other words, if a user hits a your target site via URL, redirect them to somewhere else.

Tell me more about your idea? How that block apps? Why/where I want to redirect if user try to connect example www.facebook.com when I want to allow facebook site?

[grid]

Ok, you want to block applications from reaching FaceBook, but allow www.facebook.com?

[BasicCodeMonkey]

Ok, you want to block applications from reaching FaceBook, but allow www.facebook.com?

Yep.
Same with Twitter and so on.
If you go to www.facebook.com and www.twitter.com they work normally (via rogueap of course) but when using facebook or twitter app connections should be blocked.

[grid]

That I'm not sure how to pull off. You'd have to do some packet captures when using the applications to see what traffic is being sent. You might then be able to configure iptables rules, or DNS, to block the specific applications based on what you find in the packet captures.

[mmusket33]

The program dnsspoof allows a custom host file be used.

MTeams

[Chunkingz]

have you got any good quality tuts for creating rogue aps?

[BasicCodeMonkey]

The program dnsspoof allows a custom host file be used.

Any ideas does apps use different addresses than example facebook.com and twitter.com?