How To Start a Fake Access Point (Fake WIFI)
As you might know, untrusted Wifi networks can be extremely dangerous if you happen to be connected to them. In this article I am going to show you how to create a simple yet dangerous access point. We will be using a well-known wireless card that supports monitor mode which is the Alfa AWUS036NHA USB wireless adapter, you can find it here. Or you can use any wireless adapter that supports monitor mode, Alfa AWUS036NHA is highly recommended though.
How dangerous can an access point be?
If you are in a random place and happened to be connected to an open network, it doesn’t matter what device you are connected with, your data will be visible to the person who is controlling the access point. Not only that, but the person in control can have a complete control over your device by hooking you with a malicious web page or a backdoor.
How can you control the devices that are connected to your fake access point?
There are many methods to do that. You can redirect the connected user to a specific malicious website that you also control and hook their devices. Furthermore, you can run and execute backdoors by using python MITM scripts on the connected devices. You also can replace the download files that the connected users requests on the fly without being suspicious, we will be doing that in the next article.
Lets take a look on how to start a fake AP…
STEP 1:
First we will need to update Kali Linux to the latest version and install the required packages.
apt-get update apt-get install hostapd dnsmasq apache2
STEP 2:
We need to put the wireless card in monitor mode to allow us to sniff the packets in and around the network. You can use this method:
ifconfig wlan0 down iwconfig wlan0 mode monitor ifconfig wlan0 up
Or if that didn’t work, you can use this method instead:
airmon-ng start wlan0
Note that the wireless adapter’s name has changed from wlan0 to wlan0mon, so we need to use the new given name which is wlan0mon.
STEP 3:
To make things organized and easier to work with, we will make a new directory in root and call it “FAP” or fake access point.
mkdir /root/fap cd /root/fap
- mkdir: command for making a new directory in linux.
- cd: command to navigate to a specific directory, in this case its fap.
STEP 4:
Once we are in /root/fap that we created, we will now setup a new hostapd configuration file and write instructions inside. Hostapd (Host access point daemon) is a software access point that lets the user to use his/her wireless adapter to broadcast several access points at the same time.
nano hostapd.conf
- nano: is a command line text editor included in most Linux installations.
- hostapd.conf: is the name of the configuration file that we created.
Now inside hostapd.conf, we need to setup instruction orders for it.
interface=wlan0mon driver=nl80211 ssid=[Name of the Wifi] hw_mode=g channel=[Channel number] macaddr_acl=0 ignore_broadcast_ssid=0
After writing these instructions, press CTRL+X, then Y, then ENTER. Now we are all set for hostapd.conf.
- interface: The name of the wireless adapter that we are using in monitor mode.
- driver: The supported driver for hostapd.
- ssid: The broadcasted Wifi name.
- hw_mode=g : Simply instruct it to use 2.4GHz band.
- channel: The channel number to use for the fake access point.
- macaddr_acl=0: Tells hostapd to not use MAC filtering. [macaddr_acl=1] tells it to use MAC filtering.
- ignore_broadcast_ssid=0 : To make the fake access point visible and not hidden.
STEP 5:
Start the fake access point by doing:
hostapd hostapd.conf
You will notice that our access point will appear as an open Wifi network. Now open a new terminal window without closing the previous one. In the new terminal window, navigate back to the fap directory by doing:
cd /root/fap
STEP 6:
We will be using dnsmasq for this step. Dnsmasq is a Dynamic Host Configuration Protocol (DHCP) server that is used to resolve dns requests from or to a machine and also acts as DHCP server to allocate IP addresses to the clients. It is fast and serves a great purpose that fits our needs. We will create a configuration file for dnsmasq and put some instructions in it, just like what we did previously with hostapd. To create the file:
nano dnsmasq.conf
Add these instructions inside:
interface=wlan0mon dhcp-range=192.168.1.2, 192.168.1.30, 255.255.255.0, 12h dhcp-option=3, 192.168.1.1 dhcp-option=6, 192.168.1.1 server=8.8.8.8 log-queries log-dhcp listen-address=127.0.0.1
- dhcp-range: IP address range for the connected network clients. 12h is the amount of hours until the lease expires.
- dhcp-option=3: Gateway IP for the networks.
- dhcp-option=6: For DNS Server followed by IP address
- server: DNS server’s address
- log-queries: Log the results of DNS queries handled by dnsmasq.
- log-dhcp: Log all the options sent to DHCP clients and the tags used to determine them.
- listen-address: Links the DHCP to the local IP address which is 127.0.0.1.
Press CTRL+X, then Y, then ENTER. Now we are all set for dnsmasq.conf.
STEP 7:
Now we need to assign the interface a network gateway and netmask and then add the routing table.
ifconfig wlan0mon up 192.168.1.1 netmask 255.255.255.0 route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1
Start the DNS server by doing:
dnsmasq -C dnsmasq.conf -d
- dnsmasq -C: Specifies a different configuration file.
- -d : Tells it to keep the user id without changing it.
Open a new terminal window to continue with the next step.
STEP 8:
To provide the users with internet access, we need to forward traffic from eth0, the virtual wireless adapter that is connected to the internet, to wlan0mon. This will help you perform various attacks that can give you complete access to the user’s device. If you don’t want the users to have internet access, skip this step.
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE iptables --append FORWARD --in-interface wlan0mon -j ACCEPT
- First command: Interface name that is used to forward traffic from.
- Second command: Interface name to receive the packets or the interface that is being forwarded to.
Now execute this command to enable IP Forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
STEP 9:
Test out your fake access point by playing the victim. Connect to your network and access any website you like, you should be able to see all the packets transmitted on the fly in the terminal.
Hostapd will show the mac address as soon as a device has connected to the network.
On the other terminal window where dnsmasq is running, you will find out what the device is trying to access in details. For this example, the user is accessing zsecurity.com.
For this example, the user is accessing facebook.com and so on.
Closure:
This shows how powerful a fake access point can be. Once you got your targets connected, you will have many attacks available that could eventually control the user’s device.
Setting up a fake access point can teach you the security of the network, and how a network typically works. It will also show you what the person in control of the network can do with the connected devices. As we saw previously, you can pretty much have access to all the packets that the user’s device is requesting.
If you happen to be connected to a public and unsecure network, A simple way to solve and protect yourself is to use a reputable VPN. A VPN will decrypt the packets making it impossible for the person controlling the network from seeing what the user is accessing. ZSVPN is highly recommended as it doesn’t store any data from the user. You can download it here.
You may also like
Best Operating System for Hacking
HiddenEye – The All in One Phishing Solution
Creating a Vulnerability Management Strategy
Leave A Reply
You must be logged in to post a comment.
30 Comments
My realtek adapter that I bought on this page doesn’t get renamed to wlan0mon it stays wlan0. It also doesn’t work with tools like fluxion. I will try to do it using this tutorial later and update this.
Hello there,
It doesn’t have to be renamed to “wlan0mon”. You can still use the card as “wlan0” just fine.
What issues are you facing in Fluxion? can you be more specific please.
iwconfig wlan0 mode monitor
Error for wireless request “Set Mode” (8B06) :
SET failed on device wlan0 ; Operation not permitted.
Hello there,
What kind of network adapter are you using?
now, it works. Thank you very much!
Glad you figured it out 🙂
My android says “Failed to obtain IP address” when trying to connect
In step 4, how do I set the hw_mode to 5 GHz instead of 2.4?
Hello Christopher,
If you want to set it to 5 GHz, Just replace “g” with “a”
Like this: hw_mode=a
Hope this helps.
Hello Maythem.
I replaced the g with an a and I got an error while launching the hostapd hostapd.conf in the terminator, I have everything set as shown in step 4.
I get this message:
Configuration file: hostapd.conf
wlan0: IEEE 802.11 Configured channel (6) not found from the channel list of current mode (2) IEEE 802.11a
wlan0: IEEE 802.11 Hardware does not support configured channel
Could not select hw_mode and channel. (-3)
wlan0: interface state UNINITIALIZED->DISABLED
wlan0: AP-DISABLED
wlan0: Unable to setup interface.
wlan0: interface state DISABLED->DISABLED
wlan0: AP-DISABLED
wlan0: CTRL-EVENT-TERMINATING
hostapd_free_hapd_data: Interface wlan0 wasn’t started
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Hello,
What kind of network adapter are you using?
It is possible that it doesn’t support 5GHz mode.
Hi.
The network adapter I’m using is Realtek RTL8812AU 2.4 & 5 Ghz USB Wireless Adapter. I bought it from here.
Hello Christopher,
lets check a couple of things first, have you tested the fake AP using 2.4 GHz? and did it work properly?
Also, double check if your network interface is called wlan0 and not wlan0mon after you started monitor mode (by using ifconfig). And double check that the naming is the same in the hostapd.conf for “interface=”
Hello Maythem.
Yes I’ve tested this on 2.4 Ghz and it worked. I’ve also double checked so my network interface is called wlan0 and not wlan0mon and it says wlan0 in hostapd.conf and also in dnsmasq.conf
Hello,
The issue is most likely linked with the channel you are working on.
First lets try setting up the wireless card in monitor mode using the manual method which is:
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
Once that is done, edit your hostapd.conf file using nano and change the channel to 36 “channel=36”
Now run hostapd and test it and let me know if the problem persists.
Hello Maythem.
I tried changing the channel from 6 to 36 in nano and now it works. Thanks for the help.
By the way, is it possible to add both 2.4 and 5 GHz at the same time by changing the hw_mode?
Hello,
Hostapd cannot create a dual-band AP (5ghz and 2ghz at the same time) even with two cards. But it can create multiple APs with the same SSID.
Sir, how to upstream the internet in the fake acess point so that user don’t get suspicious…
Hello,
Please revise step 8 and step 9.
If that didn’t answer your question please let me know.
Hello Maythem,
After connecting to my android is shows no internet access even after following step7.
Hello Riconan,
Does this issue only occur on you android device? please try with different devices and let me know.
Also can you show me the output of ifconfig please.
hostapd is saying handle_probe_req: send failed and I’m unable to connect on any devices..
pls help
Hello Legend,
lets gather some information to solve this, what wireless adapter are you using?
Is this your first time running hostapd? if not, did it have issues before?
Can you copy and paste the whole hostapd output?
After step 5 the result is —-
Configuration file: hostapd.conf
Could not read interface wlan0mon flags: No such device
nl80211: Driver does not support authentication/association or connect commands
nl80211: deinit ifname=wlan0mon disabled_11b_rates=0
Could not read interface wlan0mon flags: No such device
nl80211 driver initialization failed.
wlan0mon: interface state UNINITIALIZED->DISABLED
wlan0mon: AP-DISABLED
wlan0mon: CTRL-EVENT-TERMINATING
hostapd_free_hapd_data: Interface wlan0mon wasn’t started
Hi Surya,
It seems like wlan0mon isn’t detected or the name is different.
Can you copy and paste the output of iwconfig after doing step 2 please?
Configuration file: hostapd.conf
Line 2: invalid/unknown driver ‘n180211’
1 errors found in configuration file ‘hostapd.conf’
Failed to set up interface with hostapd.conf
Failed to initialize interface
wireless adapter using PANDA PAUO6
nl80211 driver initialization failed.
wlan1mon: interface state UNINITIALIZED->DISABLED
wlan1mon: AP-DISABLED
wlan1mon: CTRL-EVENT-TERMINATING
hostapd_free_hapd_data: Interface wlan1mon wasn’t started
bash: /proc/sys/net/ipv4/ip_forward: Permission denied
After step 5 this came up
Can you tell what’s the issue
[email protected]:~/fap# hostapd hostapd.conf
Configuration file: hostapd.conf
nl80211: Could not configure driver mode
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
nl80211 driver initialization failed.
wlan0: interface state UNINITIALIZED->DISABLED
wlan0: AP-DISABLED
wlan0: CTRL-EVENT-TERMINATING
hostapd_free_hapd_data: Interface wlan0 wasn’t started
good day. Please i urgently need your help. I am working on IoT devices in my home . i want to sniff packets between my mobile app and IoT devices and get wireshark to capture for me to analyze. I followed the steps in this article to create the fake access point and then connect my IoT devices. Iam having the following issues
after changing to monitor mode the usb wifi card Alfa AWUS036ACH changed back to master after running the hostapd, setting the ip, run and dnsmasq.
I noticed the ssid is not showing in under my wireless or android phone.
My set up is windows 10 with Vmware workstation and kali 2019.04 vm installed.
What can i do? or how can i set up to capture communication of my IoT devices and the 802.11 communication.
anu