In this tutorial for Cr0w’s Place we create a fake wireless access point to sniff login credentials from the users who connect to it. We are going to use a PC with Kali Linux installed, a WiFi NIC with monitor mode capabilities, and the fake AP script, which automates our attack and which you can download from the link below. But first, let's look at some theory on the tools that we are going to use:
Airbase-ng is a multi-purpose tool aimed at attacking clients as opposed to the Access Point (AP) itself.
The Dynamic Host Configuration Protocol (DHCP) is a network protocol used to configure devices that are connected to a network so they can communicate on that network using the Internet Protocol (IP). The protocol is implemented in a client-server model, in which DHCP clients request configuration data, such as an IP address, a default route, and one or more DNS server addresses from a DHCP server.
SSL stripping is a man-in-the-middle attack in which a network attacker could prevent a web browser from upgrading to an SSL connection in a subtle way that would likely go unnoticed by a user.
Ettercap is a free and open source network security tool for man-in-the-middle attacks on a LAN. It can be used for computer network protocol analysis and security auditing.
Monitor mode, or RFMON (Radio Frequency MONitor) mode, allows a computer with a wireless network interface controller (WNIC) to monitor all traffic received from the wireless network. Unlike promiscuous mode, which is also used for packet sniffing, monitor mode allows packets to be captured without having to associate with an access point or ad hoc network first. Monitor mode only applies to wireless networks, while promiscuous mode can be used on both wired and wireless networks. Monitor mode is one of the six modes that 802.11 wireless cards can operate in: Master (acting as an access point), Managed (client, also known as station), Ad hoc, Mesh, Repeater, and Monitor mode.
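A defender's view of the fake access point described above, as an added example that is not part of the original tutorial or the FakeAP.sh script: it compares wireless scan results against an inventory of authorised access points and flags a known SSID advertised from an unknown BSSID or with weaker security. The SSIDs, BSSIDs, inventory format and function name are constructed for illustration.

```python
# Constructed inventory of authorised access points (assumption: the defender
# maintains such a list; every SSID and BSSID here is made up).
AUTHORISED = {
    "CorpWiFi": {
        "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
        "security": "WPA2",
    },
}

# Constructed scan results, shaped like the output of a wireless survey.
SCAN = [
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "CorpWiFi", "bssid": "de:ad:be:ef:00:01", "security": "OPEN"},
    {"ssid": "CorpWiFi", "bssid": "AA:BB:CC:00:00:02", "security": "OPEN"},
    {"ssid": "CoffeeShop", "bssid": "11:22:33:44:55:66", "security": "OPEN"},
]

# Relative strength of the advertised security; unknown labels rank lowest.
RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}


def find_suspect_aps(scan, authorised):
    """Return (ssid, bssid, reasons) for each AP that imitates a known SSID."""
    findings = []
    for ap in scan:
        known = authorised.get(ap["ssid"])
        if known is None:
            continue  # not one of our networks, nothing to compare against
        bssid = ap["bssid"].lower()  # scanners differ in MAC address casing
        reasons = []
        if bssid not in known["bssids"]:
            reasons.append("unknown BSSID")
        # A cloned BSSID still stands out if it advertises weaker security.
        if RANK.get(ap["security"].upper(), -1) < RANK[known["security"]]:
            reasons.append("weaker security than authorised")
        if reasons:
            findings.append((ap["ssid"], bssid, reasons))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reasons in find_suspect_aps(SCAN, AUTHORISED):
        print(f"{ssid} {bssid}: {', '.join(reasons)}")
```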
You can download the FakeAP.sh script from here.
You can buy the Alfa AWUS036H card that I used from here.
Everything you are going to see is for educational purposes only, so operate carefully and on your own property. I bear no responsibility for what happens to you if you act irresponsibly.
Thank You For Watching.