Fake AP Troubleshooting - Not Redirected to Fake Webpage

rogueap

(Johan C) #1

Hi,

So I have followed the guides in the free PDF provided by rootsh3ll to set up a fake AP to capture WPA-passphrases through a fake firmware-upgrade of the victim’s router.

I have followed the guide in the following steps.

  1. First of all killing all services and running airmon-ng check kill and putting my WiFi-interface in monitor mode.

  2. I’m using dnsmasq in conjunction with Airbase-ng so dnsmasq is initiated with the settings according to the PDF and airbase is started:

         interface=at0
         dhcp-range=10.0.0.10,10.0.0.250,255.255.255.0,12h
         dhcp-option=3,10.0.0.1
         dhcp-option=6,10.0.0.1
         server=8.8.8.8
         log-queries
         log-dhcp
         listen-address=127.0.0.1

  3. I’m then allocating the IP-address and so forth:

         ifconfig at0 10.0.0.1 netmask 255.255.255.0
         route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1

  4. I’m not forwarding traffic since I’m not planning on giving the target internet access since the router is supposed to act “offline” because of the firmware-upgrade.

  5. dnsspoofing is started

  6. AP is up and running and I connect with another computer of mine. I get connected and assigned an IP. But when I open a browser nothing happens and I’m not redirected to the apache server and the fake firmware-upgrade site.

Apache is ofc started and restarted several times and the site works fine on the server itself on 10.0.0.1.

What might I be doing wrong? I have tried several guides and using both airbase and hostapd but the clients really don’t want to be redirected to the fake site.

Running Kali Linux and Alfa AWUS036ACH adapter.

My aim is for the client to connect to the fake AP and be forced to the fake site running on my apache server.


(Hardeep Singh) #2

dnsspoof must be running on at0 for airbase-ng. Please confirm.


(Johan C) #3

Hi,

Yes dnsspoof is running for at0 and not wlan1 which is the usual name for the interface.


(Hardeep Singh) #4

Which sites are you trying to test the redirection with?

My advice would be to test http based websites to see if it works, then we can move ahead to the complicated stuff.
Try http://example.com and see if it redirects to the fake AP page.


(Johan C) #5

My goal would of course be to redirect any sort of site request to the fake update site and not a particular site.

I will try out that site and report back :wink:


(Hardeep Singh) #6

Since HSTS is implemented on the majority of the top 1000 sites (including rootsh3ll), redirection is not as simple to perform.

As an alternative you can read chapter 8 (captive portal). That can be helpful in this case.