Creating Rogue Access Point with 2 wireless interfaces

rogueap

(Hardeep Singh) #1

(Hardeep Singh) #2

@Jeddy I think you must follow this guide. It is guided towards a setup where you have 2 wireless cards.
One is used to create the fake access point and another for providing internet access to the victim.

Both wlan0 and wlan1 are chained together so that the data can flow through the chain.

rogueap


(Joshep) #3

I encountered an error when I ran the hostapd hostapd.conf command.
Error:

Configuration file: hostapd.conf
Could not read interface <wlan1> flags: No such device
nl80211: Driver does not support authentication/association or connect commands
nl80211: deinit ifname=<wlan1> disabled_11b_rates=0
Could not read interface <wlan1> flags: No such device
nl80211 driver initialization failed.
<wlan1>: interface state UNINITIALIZED->DISABLED
<wlan1>: AP-DISABLED 
hostapd_free_hapd_data: Interface <wlan1> wasn't started

And then I saw my driver name:

wlan1		rt2800usb	Ralink Technology, Corp. RT3072

I tried replacing the driver= value with rt2800usb inside hostapd.conf

and again used the command hostapd hostapd.conf,
then I got this output:

Configuration file: hostapd.conf
Line 2: invalid/unknown driver 'rt2800'
1 errors found in configuration file 'hostapd.conf'
Failed to set up interface with hostapd.conf
Failed to initialize interface

HELP ME?


(Hardeep Singh) #4

Read this line. It says no such device named <wlan1>.

Remove the brackets from the name. It should be wlan1, not <wlan1>.

Edit: also keep the driver version as nl80211. No need to change. rt2800usb is for the hardware. nl80211 is the kernel driver for software based Access Point.


(Joshep) #5

Configuration file: hostapd.conf
nl80211: Could not configure driver mode
nl80211: deinit ifname=wlan1 disabled_11b_rates=0
nl80211 driver initialization failed.
wlan1: interface state UNINITIALIZED->DISABLED
wlan1: AP-DISABLED 
hostapd_free_hapd_data: Interface wlan1 wasn't started

Now I got this output :frowning:


(Hardeep Singh) #6

Did you kill the network-manager utility?

It usually happens because network-manager is trying to take control of this network device and at the same time hostapd is trying to take charge.
Due to that conflict, hostapd starts for a moment and then network-manager takes over again (since it’s a service), and hostapd loses control and throws an error.

Fix

  1. Kill network-manager: sudo service network-manager stop or airmon-ng check kill
  2. Whitelist the MAC of your desired device in NetworkManager.conf

Edit network manager’s configuration file:

vim /etc/NetworkManager/NetworkManager.conf

Add the following code at the end of the file to tell Network Manager which devices are unmanaged for it.

[keyfile]
unmanaged-devices=mac:AA:BB:CC:DD:EE:FF

Replace AA:BB:CC:DD:EE:FF with the MAC of your wireless device

Check the MAC of your device. Syntax: ifconfig <device name> | grep -iE 'hwaddr|ether'

EXAMPLE

ifconfig wlan0 | grep -iE 'hwaddr|ether'

(Joshep) #7

Thanks for the swift reply :slight_smile:
It created the fake AP after the airmon-ng check kill command.
Let me clarify what I did.
I have two interfaces, wlan0 and wlan1.
wlan0 has internet access and I'm creating a fake AP through wlan1.

ifconfig wlan0 10.0.0.1 

In the above command, should it be wlan1?
I tried both wlan0 and wlan1,
but the problem is it shows my phone is connected and associated with the fake AP,
but when I look at my phone it only says (obtaining IP address).

And in the dnsmasq terminal the output is:

dnsmasq: started, version 2.76 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
dnsmasq-dhcp: DHCP, IP range 10.0.0.10 -- 10.0.0.250, lease time 12h
dnsmasq: using nameserver 8.8.8.8#53
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 8.8.8.8#53
dnsmasq: using nameserver 192.168.74.2#53
dnsmasq: read /etc/hosts - 5 addresses

It doesn’t show the remaining output as shown in your tutorial.
As I try to enable NAT by setting firewall rules in iptables:

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface wlan0 -j ACCEPT

What should replace eth0 (out interface) and wlan0 (in interface)?


(Hardeep Singh) #8

See, the traffic is coming IN from the Victim and going OUT towards the Internet. And which interface has the Internet access? wlan0, right? So the command must be:

iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
 Internet facing Interface. Can be wlan0, wlan1 etc. ──────┐
 In your case it is wlan0.                                 │
                                                           │
                                                          ─┴─
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

(Joshep) #9

I still can’t connect to the fake AP I created.


(Hardeep Singh) #10

Hey.

Did you fix the interface name in the dnsmasq configuration file?

You are probably using the same file as the evil twin article’s config.

If you see association happening in the hostapd output, it means the fake AP is working fine. As “Obtaining IP address” is the only thing popping up repeatedly, I strongly suspect there is some issue with the DNS and DHCP part, hence dnsmasq.


(Joshep) #11

Oh yeah! I apologize for that.
It was a problem with the dnsmasq.conf file.
It got connected now.


(Hardeep Singh) #12

15 posts were split to a new topic: Network Manager doesn’t show Wireless Interface wlan1
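
The configuration mistakes diagnosed across posts #4, #7 and #10 can be checked in one pass before starting either daemon. The following is an added example, not part of any post in this thread or of the guide it refers to; the function names, the `addresses` argument and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress
import re

def parse_conf(text):
    """Parse key=value lines; hostapd.conf and dnsmasq.conf both use this form."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def lint(hostapd_text, dnsmasq_text, addresses):
    """addresses maps interface -> "ip/prefix" as assigned on the host (assumed input)."""
    findings = []
    hostapd, dnsmasq = parse_conf(hostapd_text), parse_conf(dnsmasq_text)
    ap_if = hostapd.get("interface", [""])[0]
    # Post #4: "<wlan1>" is a template placeholder copied literally, not a device name.
    if not re.fullmatch(r"[A-Za-z0-9_.-]{1,15}", ap_if):
        findings.append(f"hostapd interface={ap_if!r} is not a valid device name")
        ap_if = ap_if.strip("<>")
    # Post #4: driver= stays nl80211; rt2800usb names the hardware's kernel module.
    for driver in hostapd.get("driver", []):
        if driver != "nl80211":
            findings.append(f"hostapd driver={driver!r}, expected nl80211")
    # Post #10: association without a DHCP lease points at dnsmasq's interface= line.
    dhcp_ifs = dnsmasq.get("interface", [])
    if dhcp_ifs and ap_if not in dhcp_ifs:
        findings.append(f"dnsmasq listens on {dhcp_ifs}, AP runs on {ap_if!r}")
    # Post #7: the gateway address belongs on the AP interface, in the DHCP subnet.
    # Assumes the first dhcp-range field is the start address (no tag prefix).
    for rng in dnsmasq.get("dhcp-range", []):
        start = ipaddress.ip_address(rng.split(",")[0].strip())
        addr = addresses.get(ap_if)
        if addr is None or start not in ipaddress.ip_interface(addr).network:
            findings.append(f"{ap_if!r} has no address in the subnet of {rng}")
    return findings

# Constructed sample input: the thread's mistakes, then corrected counterparts.
HOSTAPD_BAD = "interface=<wlan1>\ndriver=rt2800usb\nssid=lab-ap\nchannel=1\n"
DNSMASQ_BAD = "interface=wlan0\ndhcp-range=10.0.0.10,10.0.0.250,12h\n"
HOSTAPD_OK = "interface=wlan1\ndriver=nl80211\nssid=lab-ap\nchannel=1\n"
DNSMASQ_OK = "interface=wlan1\ndhcp-range=10.0.0.10,10.0.0.250,12h\n"

if __name__ == "__main__":
    for finding in lint(HOSTAPD_BAD, DNSMASQ_BAD, {"wlan0": "10.0.0.1/24"}):
        print("FINDING:", finding)
    print("corrected:", lint(HOSTAPD_OK, DNSMASQ_OK, {"wlan1": "10.0.0.1/24"}))
```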