Freelance developer and Hacker

Back|Track – Fake WIFI AP

Hi guys, I’m going to show you how to create a fake AP.

airssl.sh creates a fake access point using Airbase-ng and uses sslstrip to bypass SSL encryption. It also offers the user the choice to use Driftnet to capture images.

Requirements

  • BackTrack
  • At least 1 wireless network interface card (2 wireless network interface cards if you’re connected to the internet over wireless; for example, wlan0 [connection to the internet] and wlan1 [broadcasts the fake network])
  • A little bit of knowledge of networking and BackTrack

So let’s get to work

  1. Download this script as airssl.sh (save it on the desktop for easier access!)
  2. Open the konsole
  3. Run the following commands:

    chmod 775 /root/airssl.sh
    /root/airssl.sh

  4. Now you should see something like this…

    AIRSSL 2.0 - Credits killadaninja & G60Jon

    0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0

    Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1:

    As you can see, I’m connected to the internet through wlan0 and my gateway is 192.168.1.1

  5. Now input your gateway
  6. Now input the interface you will use to create the fake access point. In my case it will be wlan1, since I’m connected to the internet through wlan0. You can create a fake access point using eth0 or another interface (you can open a new konsole and type airmon-ng to see the interfaces available on your computer)
  7. Now choose the name of your access point
  8. Now you should see this…

    Airbase-ng will run in its most basic mode, would you like to configure any extra switches?

    Choose Y to see airbase-ng help and add switches.
    Choose N to run airbase-ng in basic mode with your choosen ESSID.
    Choose A to run airbase-ng in respond to all probes mode (in this mode your choosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and victim will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY.
    Y, N or A

  9. I will use option N, but option A is also a good option
  10. Next you will be asked:

    Ettercap will run in its most basic mode, would you like to configure any extra switches for example to load plugins or filters, (advanced users only), if you are unsure choose N
    Y or N

  11. Now I advise you to use N, but if you are an expert you can use Y
  12. Then you will be asked:

    Would you also like to start driftnet to capture the victims images, (this may make the network a little slower),
    Y or N

    I will use N here; I have never used Y, so I don’t know how that works…

  13. Now just check the window called “SSLStrip-Log” for the logins, or check the file sslstrip.log
  14. When you’re done, press Y in the konsole
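For the defending side, an added example (not part of the original post and not code from airssl.sh): a wireless sensor’s frame log can be checked for the two access-point behaviours the airbase-ng prompt above describes, one radio answering for many ESSIDs (option A) and a known ESSID announced from an unknown BSSID. The frame tuples, the AUTHORIZED inventory and the threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (frame_type, bssid, essid) records as a wireless sensor
# might log them. All values are made up for this example.
SAMPLE_FRAMES = [
    ("beacon", "aa:bb:cc:00:00:01", "CorpWiFi"),
    ("beacon", "aa:bb:cc:00:00:02", "CorpWiFi"),
    ("probe_resp", "02:11:22:33:44:55", "HomeNet"),
    ("probe_resp", "02:11:22:33:44:55", "CoffeeShop"),
    ("probe_resp", "02:11:22:33:44:55", "AirportFree"),
    ("probe_resp", "02:11:22:33:44:55", "CorpWiFi"),
    ("beacon", "de:ad:be:ef:00:09", "GuestNet"),
]

# Assumed inventory of the organisation's own access points (hypothetical).
AUTHORIZED = {"CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}


def find_rogue_aps(frames, authorized, max_essids_per_bssid=2):
    """Return {bssid: sorted list of reasons} for suspicious access points."""
    essids_by_bssid = defaultdict(set)
    for _frame_type, bssid, essid in frames:
        if essid:  # skip hidden/empty ESSIDs
            essids_by_bssid[bssid.lower()].add(essid)

    findings = defaultdict(set)
    for bssid, essids in essids_by_bssid.items():
        # One radio answering for many unrelated network names matches the
        # "respond to all probes" mode from the prompt quoted above.
        if len(essids) > max_essids_per_bssid:
            findings[bssid].add("answers for %d ESSIDs" % len(essids))
        # A protected ESSID announced by a radio that is not in the inventory.
        for essid in essids:
            if essid in authorized and bssid not in authorized[essid]:
                findings[bssid].add("unauthorized BSSID for %s" % essid)
    return {bssid: sorted(reasons) for bssid, reasons in findings.items()}


if __name__ == "__main__":
    for bssid, reasons in find_rogue_aps(SAMPLE_FRAMES, AUTHORIZED).items():
        print(bssid, "->", "; ".join(reasons))
```

Access points that serve several ESSIDs normally use a separate BSSID for each, so the per-BSSID threshold can stay low; raise it only if your own hardware behaves differently.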

Too confusing? Here is the video

57 responses

  1. Acutev6

    Nice tut.. 🙂 Keep it up!

    March 14, 2011 at 7:23 pm

  2. Hitman.pt

    Thanks… I will post more tuts as soon as possible

    March 19, 2011 at 12:10 am

  3. Axlr8

    nice one, keep it up

    April 21, 2011 at 11:43 am

  4. defaz0r

    Any chances of me getting in the team?

    May 6, 2011 at 7:33 am

  5. Hitman.pt

    IDK how good are your skills?

    May 6, 2011 at 1:46 pm

    • Crayon

      I’m having an issue running it in BT5,
      “xterm: Can’t execvp dhcpd3: No such file or directory”

      if you could help me out on that

      March 18, 2012 at 7:31 pm

  6. kenneth

    hi i would like to know can view other computers wifi password

    May 28, 2011 at 7:57 am

    • I’m not getting the question :S

      May 28, 2011 at 9:25 pm

  7. kenneth chua

    Hi, I can’t use airssl.sh

    May 29, 2011 at 3:20 am

    • Did you apply chmod 777 to the file?
      Try putting it on your desktop, then open a console and type
      ./airssl.sh
      You can’t use any distribution of Linux to do this… You must use BackTrack 4 or 5

      May 29, 2011 at 10:41 am

  8. Oxg

    Respect dude!

    June 9, 2011 at 1:25 pm

  9. My fake AP starts perfectly, but when I’m trying to connect I get an “unable to connect” message. How can I fix this issue?

    June 25, 2011 at 6:19 pm

    • Trying to connect? To the wireless network? If the problem is connecting to the wireless network tell me the options you used… That will help me understand what’s wrong

      June 28, 2011 at 10:24 am

  10. julian

    Doesn’t run in BT 5: “Unknow user dhcpd”. Run with root privileges.

    July 11, 2011 at 3:25 pm

    • I haven’t tested the script on BT 5 yet… so I don’t know if it’s working…

      July 11, 2011 at 8:11 pm

  11. kenneth chua

    please make a bt5 copy of it sir because i am in need of it thanks

    mailto:kencyk99@gmail.com

    August 19, 2011 at 10:33 am

  12. kenneth chua

    version bt5 kde sir, hope you can help

    August 23, 2011 at 12:08 pm

  13. Theju

    Hi guys,

    Got the same error on my Windows machine that tries to connect to my fake AP.
    Connecting is OK on my 2 Android phones.

    Any ideas ?

    Theju

    August 26, 2011 at 2:02 pm

    • Are you using backtrack 4 or 5?

      September 3, 2011 at 4:00 pm

  14. mighty

    works great on bt5…kde 32 live cd…belkin wireless nic with atheros internal nic broadcasting ap…was able to get my yahoo password but couldn’t surf the net…never reconfig’d dhcp file…need help on it

    September 6, 2011 at 3:20 am

    • I’m reviewing the source code… But when I wrote the script I had the same problem… But now I have another problem… my backtrack machine broke down… so what I thought would take a few days or weeks can take months… but what’s up with the dhcp file?

      September 6, 2011 at 1:22 pm

  15. mighty

    just thought it needed to be configured to match ap settings…been browsing the net and read something about it

    September 6, 2011 at 8:34 pm

    • I think the script does the job… So you don’t need to change anything in the dhcp file

      September 7, 2011 at 10:13 am

  16. n00bsaibot

    RUNNING THIS ON BACKTRACK 5 R1
    figured it out. the script itself is fine, it’s certain programs/scripts that it calls that are either missing or improperly configured
    errors I got :
    sslstrip unknown command
    dhcpd3 unknown command
    ettercap unknown command

    solutions:
    sslstrip – it is present, but not installed properly. do the following
    cd /pentest/web/sslstrip
    python setup.py install

    dhcpd3 – not present/installed. while connected to the internet, run the following commands
    apt-get install dhcp3-server

    ettercap – not present/installed. while connected to the internet, run the following commands
    apt-get install ettercap

    there you go.
    -nx

    September 20, 2011 at 4:40 am

    • Thanks for helping other members of this blog 😉

      September 20, 2011 at 6:52 pm

  17. lala

    any one know where to download bt4 r2 direct

    November 30, 2011 at 8:47 pm

  18. Explain the very cool ~
    Thank you

    December 8, 2011 at 9:09 pm

  19. Spectrum

    Everything works incredibly well on BT5R1, I only have one problem:

    When connecting from my test Win 7 box, I can connect to the fake AP but can’t get internet access. I didn’t use the chmod 777, could that be the problem? Thanks!

    Great work on this

    January 17, 2012 at 2:59 am

  20. Spectrum

    I may have figured it out.

    My host OS is connected through wlan0 to my home router. So, I believe a second wifi adapter on top of my ALFA because VMWare, in conjunction with airssl.sh, won’t be able to use the “Ethernet” connection VMWare has created from my host OS’s actual wireless connection to act as the second wifi adapter…?

    Long story short, my BT5R1 VM is using my ALFA adapter to broadcast the fake AP, while at the same time dropping its WiFi connection to my router….
    And this (I think) explains why my separate Win7 Box can connect to the fake AP I have created, but not to the internet?

    Hopefully that doesn’t take more than a read or two to make sense of!

    Thanks again

    January 17, 2012 at 3:14 am

  21. eric

    I get an error xterm: can’t execut dhcp3d no such file or directory using bt5 r1…any ideas? Same error for sslstrip

    January 23, 2012 at 3:29 am

    • eric

      NVM…I got it…just skimmed past the solution a few posts up…my bad

      January 23, 2012 at 4:01 am

  22. Alqaeda

    I’m getting a Permission Denied error and I’m logged in as root. How can I run the script?

    February 24, 2012 at 10:10 pm

  23. steve

    Hey guys,

    I set this nice thing up under VMWare. It seems that it works, but I’m not able to connect to the fake AP with either my WinXP machine or my Android device. I changed nothing in the airssl.sh. The devices try to connect to the fake AP but they aren’t able to establish a connection to it. Please, could somebody help?

    March 3, 2012 at 5:38 pm

  24. Just me...

    Could you make a tutorial about installing and using Karma on BackTrack 5?
    Or if not Karma then Karmetasploit? I tried to use Karma but it worked badly because I didn’t have madwifi installed =(

    March 16, 2012 at 1:08 pm

  25. zardoz

    hi, nice script.
    but I have the same problem as Spectrum.

    my AP appears,
    in “fake ap windows”, it said client xx:xx:xx….. associated to ESSID: “xxxx”
    so it seems good, but I can’t get internet: “limited connectivity” on my victim machine (win7)

    i’m on BT5 r2 32bit persistent.
    I used one alfa awus036h and one linksys usb54gc
    and i made the upgrade noobsaibot told about.

    any suggestion?

    my linksys to connect to internet, my alfa to create the AP.

    March 28, 2012 at 2:40 pm

  26. irvin_gp

    this is amazing

    April 24, 2012 at 2:49 pm

  27. deviney

    am using 64 bit backtrack 5r2.

    Everything is running fine besides the actual sslstrip trail, it churns up the error below. any idea why?

    xterm: can’t execvp sslstrip: no such file or directory

    p.s am pretty sure it is there because YAMAS script runs ssl strip fine :/

    April 25, 2012 at 12:04 am

    • Let me look into it… I’ll come back to you in a few days

      May 4, 2012 at 1:21 pm

    • Still can’t find the problem… :-\ the script runs fine for me

      May 23, 2012 at 8:53 am

  28. Pat

    This script looks really cool and thanks for it, but I’m having issues obtaining an IP address (as a client trying to join the fake AP [with either switch]). Do you have a suggestion for that?

    I’m on bt5 via virtualbox and my et0 gateway ip is 10.0.2.2 (I wasn’t sure if that would cause an issue)
    Thanks

    June 12, 2012 at 11:02 pm

    • Probably… Try connecting directly to the router… I recommend VMWare, which has that option, or if you have 2 computers to test… launch the bt5 live cd on one pc and test…. Good luck

      June 23, 2012 at 11:41 am

  29. Ladz

    Getting an error:ssLstrip no such directory

    June 28, 2012 at 9:43 pm

  30. Gogs Davies

    All seems to work well and my wireless test client connects and gets an IP address but doesn’t seem to want to route out via the wired internet connection on eth0 😦 any ideas?

    July 14, 2012 at 1:45 pm

  31. gft

    Thanks , I’ve recently been looking for info about this subject for a long time and yours is the greatest I’ve found out
    so far. However, what in regards to the bottom line? Are
    you sure about the supply? Check out my website to get more info about
    forex, if you like.

    August 1, 2012 at 2:04 am

  32. luco

    sorry but the download script doesn’t work. how we can do ? thanks

    September 24, 2012 at 4:56 pm

  33. what

    this guy can’t help you out with your configuration problems because he just reposted killadaninja’s script and doesn’t understand anything about it. Look back through his replies and it’s obvious he has no idea what’s up… just Google killadaninja and you will find much better guides on setting up HIS script.

    December 31, 2012 at 6:11 pm

  34. If you desire to obtain a great deal from this article then you
    have to apply such techniques to your won webpage.

    January 23, 2013 at 10:51 am

  35. claude

    Could anyone send me the script at claudiu.toby@yahoo.com
    I would greatly appreciate it

    February 11, 2013 at 2:16 pm

  36. I Need To Get In Im Awsome At Computer Skills i Can Hack Do Lots Of Stuff Give people viruses and yea ill join Oh And Check Out this website i hacked Gaw7.com Oh And its GodMist Here GodMist Signing Out!

    April 1, 2013 at 11:41 am

    • Xen

      Um, no it’s really not.

      December 8, 2013 at 4:34 pm

  37. Would someone mind posting a copy of the script to Pastebin pls.

    August 13, 2014 at 4:46 am

  38. Hey there Twitter operates perfectly however your website is loading slowly which had taken just about a few minutes to
    be able to load, I don’t know if it’s my issue perhaps web site problem.

    Well, I appreciate you for writing an extraordinarily brilliant article.
    I’m sure it really has been literally useful to user who click here.

    I personally have to tell you that you really have done amazing job with this and wish to see many more great content through you.

    I have got you book marked to look at blog you publish.

    October 5, 2014 at 2:07 am

  39. arti

    HI

    1) Is this make a mirror the existing accesspoint as fake ap?

    2) How can be sniffing https passwords?

    3) At the time to connect on my fake ap his sent to me the wep/wpa/wpa2 password,can i sniff that password?

    “im sorry for my english”

    Regards

    March 26, 2015 at 5:33 am

  40. Hello there! Your website is running slow , this consumed sort of a minute or
    so to finally load up, I personally dont know whether it’s entirely me or your web-site however
    , twitter loaded fine for me. However , thank you for publishing impressive
    article. Most people who actually stumbled on this great site should have observed this article really beneficial.
    I really hope I will be able to find more remarkable stuff
    and I should really complement simply by stating you have
    carried out wonderful work. To obtain more knowledge by posts that you publish,
    I actually have saved to my bookmarks this site.

    July 12, 2015 at 5:41 am

  41. Hey! Your websites are running lagging , it took just like a minute
    to successfully load up, I really have no idea whether it’s entirely me or maybe your web-site on the other hand google and yahoo performed acceptable for me.
    Nevertheless, I appreciate you for writing an incredibly brilliant article.
    Everybody who actually stumbled on this site must have noticed
    this short article literally valuable. I must point out that you actually have done excellent
    job with this and also hope to discover even more brilliant stuff from you.
    Right after viewing the content, I’ve book-marked
    the website.

    August 21, 2015 at 10:46 am

  42. Wow I don’t know whether or not it’s me or possibly your blog post but it is loading
    extremely sluggish for me, I had to spend sort
    of a few minutes in order to load up on the other hand gmail works properly for me.

    Around the other hand I appreciate you for publishing fabulous article.
    In my opinion it really has been totally helpful individual who seem to visit here.

    This is actually wonderful everything that you have concluded and
    would like to discover even more great content from you.
    I ‘ve got your site book marked to check new stuff you post.

    October 16, 2015 at 1:54 am
