Create a Wi-Fi AP that enables users to browse the internet
I'm currently working on my university projects. After that I will focus on this repo.
- Automation
- Ubuntu 18.04 LTS support
- Move hard-coded values into a single conf file
- Tutorial on how to use
- Research how to get Wi-Fi to your evil machine without requiring an ethernet cable
- Allow full packet interception (all traffic) with Wireshark for hostapd
- DNS2Proxy plugin
Highly customizable (simple bash scripts)
You can also run a deauth attack (to disconnect all clients, so that they automatically connect to you): https://github.com/ShlomiRex/WiFi-Deauthernticator
2 Wi-Fi adapters with Monitor mode (for deauth) and Master mode (for AP station).
https://docs.google.com/document/d/1pRLTep1HHcjlyrZKoXwlNAHaTazGWdiJjDP2X9-b4Ag/edit#
- hostapd - Host AP
Default configuration: /etc/hostapd/hostapd.conf
Used to host the wireless AP.
- dnsmasq - DHCP server + DNS server
Default configuration: /etc/dnsmasq.conf
Used to assign IP addresses to clients on the AP.
You need the Aptitude package manager (comes with Debian); you can also install the dependencies manually. It is highly recommended to use Kali, since it comes with dnsmasq instead of systemd-resolved (used on Ubuntu distros).
$ python console.py
Logs are located at: /var/log/WiFi-EvilTwin
You can also log with dnsspoof.
Usage: $ dnsspoof -i
Disable Mobile Data.
When you try to connect to the AP and you see this message or something similar, the problem is with dnsmasq, specifically with DHCP. Please check your configuration.
Please check that systemd-resolved is not using port 53. If it is, kill it with:
$ killall systemd-resolved
Please make sure to run the command: $ airmon-ng check kill
This will eliminate any server that interferes with hostapd.
To create the AP and use the deauth script you need 2 wireless adapters capable of monitor mode / packet injection. Adapter 1 will be used as the AP and the second will be used for deauth. You can manually run the deauth script via the console, or by running $ python tools/deauth.py.
Make sure to set the channel of adapter 2's interface to the channel of the AP you want to fake. You can find the channel by running the scan.sh script, or with the console.
You need another adapter or ethernet cable. This adapter doesn't need to have monitor mode.
Manually edit enable-nat.sh and replace "eth0" with the adapter you have.
The script should killall dnsmasq before the start of dnsmasq. You can type killall dnsmasq before running the console.
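From the defender's side, the setup this README describes (a second AP posing as an existing network, possibly on the same channel) is visible in scan results. The following is an added example, not code from this repo: it compares scan records against an allowlist of a site's own APs. The SSIDs, BSSIDs, record layout and the `find_suspect_aps` helper are constructed for illustration, and the security-mismatch check is an assumption about what a site would want flagged.

```python
# Added example (not from this repo): flag APs that advertise one of our
# SSIDs but do not match the BSSIDs/security we actually deploy.

# Constructed allowlist: SSID -> legitimate BSSIDs and expected security.
KNOWN_APS = {
    "CampusNet": {
        "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
        "security": "WPA2",
    },
}

# Constructed scan records: (ssid, bssid, channel, security, signal_dbm).
SAMPLE_SCAN = [
    ("CampusNet", "aa:bb:cc:00:00:01", 6, "WPA2", -61),
    ("CampusNet", "aa:bb:cc:00:00:02", 11, "WPA2", -70),
    ("CampusNet", "DE:AD:BE:EF:00:99", 6, "OPEN", -38),   # unknown radio
    ("CoffeeShop", "11:22:33:44:55:66", 1, "WPA2", -80),  # not our SSID
]


def find_suspect_aps(scan, known):
    """Return one finding per scan record that uses a known SSID but
    deviates from the allowlist (hypothetical helper for this example)."""
    findings = []
    for ssid, bssid, channel, security, _signal in scan:
        profile = known.get(ssid)
        if profile is None:
            continue  # SSID is not ours, nothing to compare against
        bssid = bssid.lower()
        reasons = []
        if bssid not in profile["bssids"]:
            reasons.append("unknown BSSID")
        if security != profile["security"]:
            # Also catches a cloned BSSID offered with different security.
            reasons.append(f"security {security}, expected {profile['security']}")
        if not reasons:
            continue
        # Channels on which an allowlisted, correctly secured AP was seen.
        legit_channels = {
            c for s, b, c, sec, _ in scan
            if s == ssid and b.lower() in profile["bssids"] and sec == profile["security"]
        }
        if channel in legit_channels:
            reasons.append(f"same channel ({channel}) as a known AP")
        findings.append({"ssid": ssid, "bssid": bssid, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspect_aps(SAMPLE_SCAN, KNOWN_APS):
        print(f["ssid"], f["bssid"], "; ".join(f["reasons"]))
```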
- https://nims11.wordpress.com/2012/04/27/hostapd-the-linux-way-to-create-virtual-wifi-access-point/ # This one really works well for me
- https://askubuntu.com/questions/21679/how-to-stop-wireless-ap-hosting-using-network-manager-on-ubuntu
- https://www.raspberrypi.org/forums/viewtopic.php?t=128150
- https://wiki.gentoo.org/wiki/Hostapd#802.11b.2Fg.2Fn_triple_AP
- https://forums.hak5.org/topic/37033-no-access-to-my-fake-ap/
- https://rootsh3ll.com/evil-twin-attack/