Can victim connect to the Fake AP?


(Nguyên Trung) #1

hi rootsh3ll. ur Fake AP is really useful. but i think it is not true Fake AP now. Because when victim connect to Fake Ap, if they cant connect internet after login, they can think “my AP is broken and call ISP to fix it then change pass”. So i think we have to do that: victim connect to Fake AP (wlan1), after they login and we had passwork, victim use our internet thought vic–>wlan1–>wlan0(or ethe.etc)–>internet
can u have any suggest to do it?

(Hardeep Singh) #2

You need to chain the 2 interfaces together so that the traffic can flow through them, like a bridge.

Use iptables for bridging the interfaces:

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface wlan1 -j ACCEPT

Here wlan0 is the interface with Internet access. it could be eth0 or ppp0 also.
wlan1 is the fake access point, if using airbase-ng, replace wlan1 with at0.

After entering the above command if you are willing to provide Internet access to the victim just enable routing using the command below

Enable IP forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

Entering 1 in the ip_forward file will tell the system to enable the rules defined in the IPtables and start forwarding traffic(if any). 0 stand for disable. Although rules will remain defined until next reboot.