We discussed earlier how to use Hostapd to configure our access point. In this example, we will demonstrate another Kali Linux application, airbase-ng, that accomplishes the same outcome as an alternative to the earlier procedure. When the wireless clients connect to our access point, we provide them with Internet connectivity through our wired Ethernet connection. In this example, we assume that an Ethernet connection is available on the attacker machine, but this can also be accomplished via another wireless adapter or a 3G/4G card.
Follow these steps:
#ifconfig
The following output shows that the wireless adapter is up and ready for our attack setup. #ifconfig -a shows all interfaces present in the system; in our case, wlan0 is the wireless interface that we will use to set up our evil twin access point.
wlan0 wireless interface. Depending on your unique configuration, the wireless interface may be named wlan1 or wlan2. We will leverage the aircrack-ng suite of tools, specifically airmon-ng, to bring up this new monitor mode interface. Use the following command to start monitor mode on the wlan0 interface:
#airmon-ng start wlan0
The following screenshot shows the successful creation of the monitor mode interface on wlan0, named mon0. For monitor mode functions, we will be using this new virtual monitor interface rather than the wlan0 interface directly.
mon0:
#airbase-ng --essid netgear -c 6 mon0
You should be able to see something like what is shown in the following screenshot:
On the successful creation of the new access point, another new virtual interface named at0 will be created.
Here are some airbase-ng options:
| --essid | Specifies the SSID (the access point name) to be created |
| -c | Signifies the channel on which the access point will be functioning |
| mon0 | The monitor mode interface |
We have successfully created the new virtual access point interface. Now it is time to bridge the two networks with each other in order to provide Internet access to the wireless clients. Here, we assume that eth0 is the wired interface and at0 is created by airbase-ng. mitm is the name of the bridged interface.
The brctl command used here is part of the bridge-utils package; use the apt package manager to install it with the following command:
#apt-get install bridge-utils
Using either Hostapd or airbase-ng, the evil twin AP is now configured and ready to service client victims. The attacker is able to view which sites the clients are accessing through the access point; they can log the data for future reference and even alter the data using Ettercap. The key is getting the client to accept your access point and then using your position in the traffic flow to be able to capture sensitive information to further your penetration test.
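From the defender's side, the access point built above appears in a wireless survey as a second BSSID advertising an SSID that is already in use. The following check is an added example, not code from the original text: the inventory, BSSIDs and survey records are constructed, and the twin is assumed to be an open network on channel 6 because the airbase-ng command shown earlier sets no encryption option.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    encryption: str  # e.g. "OPEN" or "WPA2"

# Constructed inventory of the APs the defender operates (BSSID keys lowercase).
AUTHORIZED = {
    "netgear": {"00:11:22:33:44:55": {"channel": 11, "encryption": "WPA2"}},
}

# Constructed survey results: the real AP, a twin, and an unrelated network.
SAMPLE_SCAN = [
    Beacon("netgear", "00:11:22:33:44:55", 11, "WPA2"),
    Beacon("netgear", "02:AA:BB:CC:DD:EE", 6, "OPEN"),
    Beacon("coffeeshop", "02:12:34:56:78:9A", 1, "OPEN"),
]

def find_evil_twins(beacons, authorized=AUTHORIZED):
    """Return (beacon, reasons) for beacons that reuse a protected SSID
    without matching the inventory entry for their BSSID."""
    findings = []
    for b in beacons:
        known = authorized.get(b.ssid)
        if known is None:
            continue  # SSID is not one we protect
        expected = known.get(b.bssid.lower())
        reasons = []
        if expected is None:
            reasons.append("unknown BSSID")
            # An open copy of an encrypted network is a downgrade worth flagging.
            if b.encryption == "OPEN" and all(
                    ap["encryption"] != "OPEN" for ap in known.values()):
                reasons.append("encryption downgrade to OPEN")
        else:
            # A cloned BSSID can still differ from the inventory in other fields.
            for field in ("channel", "encryption"):
                if getattr(b, field) != expected[field]:
                    reasons.append(f"{field} mismatch")
        if reasons:
            findings.append((b, reasons))
    return findings

if __name__ == "__main__":
    for beacon, reasons in find_evil_twins(SAMPLE_SCAN):
        print(beacon.ssid, beacon.bssid, beacon.channel, ", ".join(reasons))
```
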
Next, we'll demonstrate other techniques that can be leveraged once you've established your position as the MITM.