Creating a fake access point (honeypot)

Fake access points can be handy in many scenarios. One example is creating an open AP: it will attract a lot of clients, many of which will connect to it automatically. We can then sniff all the traffic created by the clients that connect to it, and since it's open, the traffic will not be encrypted at the Wi-Fi (link) layer!

In order to do this, we need two cards:

1. One connected to the Internet.

2. A WiFi card to broadcast as an access point.

Clients now send requests to the hacker's WiFi card. The hacker sets up his machine so that every request coming in on the WiFi card is forwarded to the second card, which is connected to the Internet.

The response comes back from the second card, through the hacker's machine, to the WiFi card, which forwards it to the client that requested it.
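
From the defender's side, an open AP that reuses a managed SSID shows up in scan data as a BSSID that is not in the inventory. The following is an added example, not code from the original post or from Mana: it checks scan results against an AP inventory. The inventory, the sample scan rows and the function name are constructed for illustration, and the "many SSIDs on one BSSID" rule is a heuristic.

```python
# Added defensive example (not from the original post): flag likely fake APs.
from collections import defaultdict

# Hypothetical inventory of the real APs: SSID -> {BSSID: expected security}
KNOWN_APS = {
    "CorpWiFi": {"aa:bb:cc:00:00:01": "WPA2", "aa:bb:cc:00:00:02": "WPA2"},
}

# Constructed scan results: (BSSID, SSID, security, channel)
SAMPLE_SCAN = [
    ("aa:bb:cc:00:00:01", "CorpWiFi", "WPA2", 1),
    ("AA:BB:CC:00:00:02", "CorpWiFi", "WPA2", 6),
    ("de:ad:be:ef:00:01", "CorpWiFi", "OPEN", 6),
    ("de:ad:be:ef:00:01", "HomeNet", "OPEN", 6),
    ("de:ad:be:ef:00:01", "CoffeeShop", "OPEN", 6),
    ("11:22:33:44:55:66", "Neighbour", "WPA2", 11),
]


def find_rogue_aps(scan, known=KNOWN_APS, max_ssids_per_bssid=2):
    """Return (bssid, ssid, reason) tuples for suspicious beacons."""
    findings = []
    ssids_by_bssid = defaultdict(set)
    for bssid, ssid, security, _channel in scan:
        bssid = bssid.lower()  # scanners differ in MAC letter case
        ssids_by_bssid[bssid].add(ssid)
        expected = known.get(ssid)
        if expected is None:
            continue  # not one of our SSIDs; only the multi-SSID check applies
        if bssid not in expected:
            if security == "OPEN" and "OPEN" not in expected.values():
                reason = "open twin of an encrypted managed SSID"
            else:
                reason = "unknown BSSID for managed SSID"
            findings.append((bssid, ssid, reason))
        elif security != expected[bssid]:
            findings.append((bssid, ssid, "security downgrade on known BSSID"))
    # Heuristic: one radio advertising many unrelated SSIDs
    for bssid, ssids in ssids_by_bssid.items():
        if len(ssids) > max_ssids_per_bssid:
            findings.append((bssid, ",".join(sorted(ssids)), "one BSSID advertising many SSIDs"))
    return findings


if __name__ == "__main__":
    for finding in find_rogue_aps(SAMPLE_SCAN):
        print(finding)
```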

Tool: Mana-Toolkit

Mana-Toolkit makes the whole process very simple: it automatically creates a new AP, starts sslstrip/firelamb and even attempts to bypass HSTS, which is used by Gmail and Facebook.

Mana has 3 main start scripts:

1. start-noupstream: starts an AP with NO Internet connection.

2. start-nat-simple: starts a regular AP that uses the Internet connection on the upstream interface.

3. start-nat-full: starts an AP with an Internet connection; it also starts sslstrip, sslsplit and firelamb, and attempts to bypass HSTS.

apt-get install mana-toolkit
gvim /etc/mana-toolkit/hostapd-mana.conf
gvim /usr/share/mana-toolkit/run-mana/start-nat-simple.sh
bash /usr/share/mana-toolkit/run-mana/start-nat-simple.sh

The first ethernet card connects to the Internet.

The second wifi card is ready for use.

Download and install Mana from https://github.com/sensepost/mana.

Modify the start-nat-simple.sh file.

Modify the hostapd-mana.conf file.

Run mana script successfully.

bash start-nat-simple.sh

But it doesn't work well. Please see the detailed information:

https://www.slideshare.net/sensepost/improvement-in-rogue-access-points-sensepost-defcon-22

More information about hostapd settings:

https://github.com/sensepost/hostapd-mana/blob/master/hostapd/hostapd.conf

I will try Berate_ap or BetterCap later.

https://github.com/sensepost/berate_ap

https://www.bettercap.org/intro/
