Forum Thread: Run an Evil Twin Without Internet Connection.

Hello fellow null-byte users,

I was wondering if it is possible to create an Evil Twin (an AP with the same SSID) and make every connection go through a locally hosted login page? And after they log in, just send them to an error page. This would be useful for capturing login credentials on login pages they expect. You could, for instance, open an AP called 'T-Mobile Hotspot', send them to a forged T-Mobile login page and capture a lot of login credentials.

I have tested airbase-ng but I can't seem to get DHCP working without an actual internet connection.

My setup: A raspberry pi running Raspbian (I know, not the best, but portable and not easily detected)
Wifi card: PTA01 (Chipset: Atheros AR9002U) Supports packet injection

(I could test the raspberry pi version of kali, but I didn't like it as much)
I have tried to use the app PwnSTAR, which kind of claims to be able to do it, but I didn't get it working properly (I have attached the github to PwnSTAR)

Anyone an idea?

SilverFoxx/PwnSTAR · GitHub

PwnSTAR (Pwn SofT-Ap scRipt) - for all your fake-AP needs!

6 Responses

If anyone needs any more information, be sure to ask and I'll add it in the OP.

Bart:

The answer is an unequivocal yes. There is an app called airsnarf that does just that. I'm working on revising an old script and posting a tutorial on it soon.

Thanks for your fast reply! I have followed nearly all of your tutorials and will definitely be looking forward to this one. I will play around with airsnarf in the meantime!

(your tutorials made me get so much into pentesting and linux, thanks!)

Everything is ancient, all 2009 and designed for Red Hat 9.0 :p still trying though.

Does someone know how to fix these errors? I suspect it has mostly to do with me not having installed 4 year old programs?
http://pastebin.com/g6t6Zt32
Otherwise I will just wait for OTW's updated tutorial :)

I am going off the top of my head. The only reason you get that error is the adapter does not support the mode it is trying to be put in, i.e. Master or Monitor. Pretty sure that's in the ballpark but maybe foul. I would need info.

"Everything is ancient, all 2009 and designed for Red Hat 9.0" <--
Conjecture. You can do it. ;-)

<!-- Did you try to put the card in managed mode yet? -->
------------------------
Device Specs
------------------------
Philips PTA01 /00

Manuf/OEM/ODM Alpha Networks WUS-N11

FCC approval date: 13 May 2010
Country of manuf.: China

ASIN: B003CXT2W4

Interface: USB

USB 2.0
Connector: Male A
Form factor tags: dongle

ID: 0471:209e
Windows: USB\VID_0471&PID_209E

FCC ID: BOUWUB1110
Chipset: Atheros AR9002U

WI1 chip1: Atheros AR9271

Probable Linux driver
ath9k_htc (in backports, open firmware)
USB ID first seen in kernel v4.1 (2015-04-27)

Antenna connector: U.FL

bgn, 1x1:1

OUI: 5C:33:8E (-, 3 W, 2010)

FCC ID
Philips WUB1110 BOUWUB1110

Well, I can successfully inject deauth packets, enable monitor mode, capture WPA2 handshakes and successfully crack them. I also can just use the wget command to download this through the dongle.

Enough evidence the drivers are successfully patched? ;)
I can provide some logs if you're interested.
